Bug#489835: seccure-* FATAL: Cannot obtain memory lock
James, I really test seccure-decrypt and works fine to me, only complains a warning but works fine... This is the warning... WARNING: Cannot obtain memory lock: Cannot allocate memory. but I presume you already knows... do you belive any other component could fail in a particular way? I ask this because I belive your test are by far more large than mine, but if I could bring some help, there is my pleasure to do it, just tell me how. Thanks for all your help and work. Greatings On Sat, Sep 27, 2008 at 4:30 AM, James Westby [EMAIL PROTECTED] wrote: On Tue, 2008-09-09 at 23:17 -0500, Jaime Ochoa =?UTF-8?Q?Malag=C3=B3n ?= wrote: James, Bothering you again, I just try to see my files since the upgrade and have this error... WARNING: Cannot obtain memory lock: Cannot allocate memory. Assuming MAC length of 80 bits. O j: operation is not possible without initialized secure memory On the early test I just run the program but not decrypt my files... Hi, Thanks for catching this. A fixed package should be on its way to the archive right now, seccure 0.3-3, I would appreciate you verifying that it works for you as soon as possible. Apologies for not getting this right the first time around. Thanks, James -- Perhaps the depth of love can be calibrated by the number of different selves that are actively involved in a given relationship. Carl Sagan (Contact) Jaime Ochoa Malagón Arquitecto de Soluciones Cel: +52 (55) 1021 0774 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Tue, 2008-09-09 at 23:17 -0500, Jaime Ochoa =?UTF-8?Q?Malag=C3=B3n ?= wrote: James, Bothering you again, I just try to see my files since the upgrade and have this error... WARNING: Cannot obtain memory lock: Cannot allocate memory. Assuming MAC length of 80 bits. O j: operation is not possible without initialized secure memory On the early test I just run the program but not decrypt my files... Hi, Thanks for catching this. A fixed package should be on its way to the archive right now, seccure 0.3-3, I would appreciate you verifying that it works for you as soon as possible. Apologies for not getting this right the first time around. Thanks, James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
James, Bothering you again, I just try to see my files since the upgrade and have this error... WARNING: Cannot obtain memory lock: Cannot allocate memory. Assuming MAC length of 80 bits. O j: operation is not possible without initialized secure memory On the early test I just run the program but not decrypt my files... Do you know how could I configure my system to allow seccure to alloc memory? On Wed, Jul 30, 2008 at 10:45 AM, James Westby [EMAIL PROTECTED] wrote: On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote: I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. That seems strange any ideas? Hi, Having spoken with someone who knows much more about this than me pam 0.99 started respecting the kernel's defaults for limits, which means that it will now refuse to let seccure lock all of it's memory. I'm going to make this bug RC, as seccure is currently completely broken, and so is not appropriate for stable. I have emailed the author to see if we can come up with a solution. Thanks, James -- Perhaps the depth of love can be calibrated by the number of different selves that are actively involved in a given relationship. Carl Sagan (Contact) Jaime Ochoa Malagón Arquitecto de Soluciones Cel: +52 (55) 1021 0774 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote: Package: seccure Version: 0.3-1 Severity: important I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. Hi debian-release, I would like permission to upload a fix for the above to unstable with the aim of transitioning to testing for inclusion in lenny. I have since upgraded this bug to grave, as the above error happens on any invocation of the program. If you give me the go-ahead then I will seek a sponsor for this upload. The debdiff is attached, hopefully the patch and changelog comments will give you enough information about the problem. Thanks, James diff -u seccure-0.3/debian/patches/00list seccure-0.3/debian/patches/00list --- seccure-0.3/debian/patches/00list +++ seccure-0.3/debian/patches/00list @@ -1,0 +2 @@ +20-mlockall-failure-non-fatal diff -u seccure-0.3/debian/changelog seccure-0.3/debian/changelog --- seccure-0.3/debian/changelog +++ seccure-0.3/debian/changelog @@ -1,3 +1,14 @@ +seccure (0.3-2) intrepid; urgency=low + + * Make failure to mlock all memory only a warning, and re-enable gcrypt's +memory locking. Changes in pam since etch mean that the kernel's defaults +for memory locking are now respected, and seccure tries to lock more +memory than that, which means that the program can't be started. The patch +is from the upstream author, who considers it a stop-gap, but doesn't +anticipate having a proper fix before lenny. (Closes: #489835) + + -- James Westby [EMAIL PROTECTED] Tue, 05 Aug 2008 13:15:18 +0100 + seccure (0.3-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- seccure-0.3.orig/debian/patches/20-mlockall-failure-non-fatal.dpatch +++ seccure-0.3/debian/patches/20-mlockall-failure-non-fatal.dpatch @@ -0,0 +1,49 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 20-mlockall-failure-non-fatal.dpatch by [EMAIL PROTECTED] +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes in pam mean that seccure isn't allowed to lock all of +## DP: the memory that it wants. This patch just makes that non-fatal. +## DP: This patch is a stop-gap from the upstream developer, who is +## DP: working on a better fix. (Closes: #489835) + [EMAIL PROTECTED]@ +diff -urNad seccure-0.3~/seccure.c seccure-0.3/seccure.c +--- seccure-0.3~/seccure.c 2006-08-16 21:13:57.0 +0100 seccure-0.3/seccure.c 2008-08-05 13:05:30.0 +0100 +@@ -90,6 +90,18 @@ + #endif + } + ++void warning(const char *msg) ++{ ++ beep_on_terminal(stderr); ++ fprintf(stderr, WARNING: %s.\n, msg); ++} ++ ++void warning_errno(const char *msg, int err) ++{ ++ beep_on_terminal(stderr); ++ fprintf(stderr, WARNING: %s: %s.\n, msg, strerror(err)); ++} ++ + void fatal(const char *msg) + { + beep_on_terminal(stderr); +@@ -1061,13 +1073,15 @@ + + #if ! NOMEMLOCK + if (mlockall(MCL_CURRENT | MCL_FUTURE) 0) +-fatal_errno(Cannot obtain memory lock, errno); ++warning_errno(Cannot obtain memory lock, errno); + #endif + + /* As we already have locked all memory we don't need gcrypt's mlocking */ ++#if 0 + err = gcry_control(GCRYCTL_DISABLE_SECMEM, 0); + if (gcry_err_code(err)) + fatal_gcrypt(Cannot disable gcrypt's secure memory, err); ++#endif + + if (getuid() != geteuid()) + seteuid(getuid());
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
* James Westby [Tue, 05 Aug 2008 13:28:04 +0100]: Hi debian-release, Hi James, I would like permission to upload a fix for the above to unstable with the aim of transitioning to testing for inclusion in lenny. I have since upgraded this bug to grave, as the above error happens on any invocation of the program. If you give me the go-ahead then I will seek a sponsor for this upload. The debdiff is attached, hopefully the patch and changelog comments will give you enough information about the problem. Yes, please upload. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Polar - Nothing left to say -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote: I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. That seems strange any ideas? Hi, This is from seccure, and not gcrypt. I can trivially reproduce it, apologies for not trying that straight away. if (mlockall(MCL_CURRENT | MCL_FUTURE) 0) fatal_errno(Cannot obtain memory lock, errno); According to the man page ENOMEM from mlockall means that the process attempted to lock more than the number of pages that are allowed to be locked by one process. I'm not sure if the limit of this has reduced at some point. Thanks, James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote: I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. That seems strange any ideas? Hi, Having spoken with someone who knows much more about this than me pam 0.99 started respecting the kernel's defaults for limits, which means that it will now refuse to let seccure lock all of it's memory. I'm going to make this bug RC, as seccure is currently completely broken, and so is not appropriate for stable. I have emailed the author to see if we can come up with a solution. Thanks, James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
On Mon, 2008-07-07 at 22:46 -0500, Jaime Ochoa Malagon wrote: Package: seccure Version: 0.3-1 Severity: important I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. That seems strange any ideas? Hi, Thanks for the bug report. I haven't seen this before, so it's either new behaviour, or something about your setup. I suspect that the message is actually from libgcrypt. I shall dig in to the code to find out what this message is caused by, as I suspect that will give us some clues. Thanks, James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489835: seccure-* FATAL: Cannot obtain memory lock
Package: seccure Version: 0.3-1 Severity: important I have a couple of files encrypted and whe I need to decrypt the programs file misserably... FATAL: Cannot obtain memory lock: Cannot allocate memory. That seems strange any ideas? -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages seccure depends on: ii libc6 2.7-12 GNU C Library: Shared libraries ii libgcrypt11 1.4.1-1LGPL Crypto library - runtime libr seccure recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]