mlock(2) for ordinary users
Peter Jeremy
peterjeremy at optushome.com.au
Fri Jul 21 10:40:48 UTC 2006
Currently mlock() and munlock() are restricted to the root user,
which prevents an ordinary user from locking their process into RAM to
the detriment of the system as a whole. Whilst this is a valid concern,
there are good security reasons for allowing a user to lock small
amounts of memory (a few pages) to ensure that sensitive information
(private keys, passwords etc.) doesn't wind up on swap devices.

There is a resource limit for locked pages (RLIMIT_MEMLOCK) and,
despite the man page, a quick look at the code implies that it really
is honoured. Could someone with more VM-foo please confirm whether
the last line of the man page is still correct?

I would like to suggest that the suser() tests in mlock() and
munlock() be removed and the default RLIMIT_MEMLOCK be reduced from
infinity to (say) 1. The only gotcha I can see is that lots of
sysctl() functions use RLIMIT_MEMLOCK via sysctl_wire_old_buffer()
and vslock().
Comments please.
--
Peter Jeremy
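The use case the post argues for, locking a few pages of key material so it cannot be paged out, looks like the following in practice. This is an added example and not code from the post or from FreeBSD; it assumes a POSIX system with mlock(2), getrlimit(2) and posix_memalign(3), and it shows the checks a program has to make when the call may be refused: the request is rounded to whole pages because that is what mlock() locks and what RLIMIT_MEMLOCK is charged in, the soft limit is consulted before calling, EPERM (unprivileged caller) and ENOMEM/EAGAIN (limit or memory pressure) are reported as "refused" rather than as bugs, and the buffer is wiped with volatile stores before it is unlocked and freed. The 0x5a fill is a constructed stand-in for a real secret.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* mlock() operates on whole pages and RLIMIT_MEMLOCK is charged in whole
 * pages, so round a byte count up to a page multiple first. */
size_t round_to_pages(size_t nbytes, size_t pagesize)
{
    return (nbytes + pagesize - 1) / pagesize * pagesize;
}

/* Decide whether a locked-memory limit permits locking `locked_bytes`
 * (already page-rounded).  Kept as a pure function so the policy can be
 * exercised without actually calling mlock(). */
int memlock_limit_allows(size_t locked_bytes, rlim_t limit)
{
    if (limit == RLIM_INFINITY)
        return 1;
    return (rlim_t)locked_bytes <= limit;
}

/* Overwrite a secret before releasing its memory.  The volatile qualifier
 * stops the compiler from eliding the stores as dead writes. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Allocate a page-aligned buffer for `nbytes` of secret material, check
 * RLIMIT_MEMLOCK, lock it, use it, wipe it, unlock it and free it.
 * Returns 0 if the lock succeeded, 1 if the kernel or the resource limit
 * refused the lock (EPERM / ENOMEM / EAGAIN), -1 on any other failure. */
int try_lock_secret(size_t nbytes)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    size_t locked = round_to_pages(nbytes, pagesize);
    struct rlimit rl;
    void *buf = NULL;
    int rc;

    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -1;
    if (!memlock_limit_allows(locked, rl.rlim_cur))
        return 1;   /* would exceed the soft limit; don't even try */

    if (posix_memalign(&buf, pagesize, locked) != 0)
        return -1;

    if (mlock(buf, locked) != 0) {
        rc = (errno == EPERM || errno == ENOMEM || errno == EAGAIN) ? 1 : -1;
        free(buf);
        return rc;
    }

    /* Constructed stand-in for a key or password; a real program would
     * read the secret into the locked buffer here and use it. */
    memset(buf, 0x5a, nbytes);

    secure_wipe(buf, locked);
    rc = 0;
    for (size_t i = 0; i < locked; i++)
        if (((unsigned char *)buf)[i] != 0)
            rc = -1;    /* wipe did not take effect: treat as failure */

    if (munlock(buf, locked) != 0)
        rc = -1;
    free(buf);
    return rc;
}

int main(void)
{
    int r = try_lock_secret(32);
    if (r == 0)
        puts("32-byte secret locked, wiped and unlocked");
    else if (r == 1)
        puts("mlock refused: unprivileged caller or RLIMIT_MEMLOCK too small");
    else
        perror("try_lock_secret");
    return r < 0 ? 1 : 0;
}
```

Run as an unprivileged user on a kernel that still has the suser() test, the program prints the "refused" line; once the test is removed and a small default RLIMIT_MEMLOCK is in place, the same binary succeeds as long as its total locked pages stay under the limit. The pre-check against rlim_cur is advisory only, because the limit is charged against everything the process has locked, not just this buffer, so the mlock() return value is still the authoritative answer.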