Allow small amount of memory be mlock()'ed by unprivileged process?

Xin Li delphij at delphij.net
Thu May 10 22:18:21 UTC 2012


Hi,

I've recently read some documents saying that some other operating
systems would allow a small amount of memory to be mlock()'ed by an
unprivileged process.  This feature is useful for applications that
need the semantics, e.g. when requesting memory that holds
sensitive information like private keys, etc.

The current implementation of ours would just return EPERM when the
caller is not the superuser, and enforce a limit for privileged
processes (which is set to infinity).

Is there any concern about changing this to allow a few memory pages to
be locked and remove the limit when the calling process is the superuser?

Cheers,
-- 
Xin LI <delphij at delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
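An added example, not part of the original message and not FreeBSD code: how an application might request locked pages for key material and record, rather than abort on, the EPERM the message describes for unprivileged callers. The names `secret_buf`, `secret_alloc` and `secret_free` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for key material. */
struct secret_buf {
    void  *ptr;        /* page-aligned allocation */
    size_t len;        /* requested size rounded up to whole pages */
    int    locked;     /* 1 if mlock() succeeded */
    int    lock_errno; /* errno from a failed mlock(), otherwise 0 */
};

/* Allocate whole pages and try to pin them in RAM.
 * Returns 0 if memory was obtained, -1 otherwise. A failed mlock()
 * is recorded so the caller can decide whether to continue. */
int secret_alloc(struct secret_buf *s, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0 || want > (size_t)-1 - (size_t)pg)
        return -1;
    s->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    if (posix_memalign(&s->ptr, (size_t)pg, s->len) != 0)
        return -1;
    memset(s->ptr, 0, s->len);
    /* EPERM is the unprivileged-caller case from the message; other
     * errno values (e.g. ENOMEM) mean a lock limit was exceeded. */
    s->locked = (mlock(s->ptr, s->len) == 0);
    s->lock_errno = s->locked ? 0 : errno;
    return 0;
}

/* Wipe the secret before the pages become swappable or reusable. */
void secret_free(struct secret_buf *s)
{
    volatile unsigned char *p = s->ptr;
    for (size_t i = 0; i < s->len; i++)
        p[i] = 0;               /* volatile: the wipe is not elided */
    if (s->locked)
        munlock(s->ptr, s->len);
    free(s->ptr);
    s->ptr = NULL; s->len = 0; s->locked = 0;
}

int main(void)
{
    struct secret_buf key;
    if (secret_alloc(&key, 64) != 0) return 1;
    if (!key.locked)
        fprintf(stderr, "key pages not locked: %s\n", strerror(key.lock_errno));
    secret_free(&key);
    return 0;
}
```

Whether an unlocked buffer is acceptable is a policy choice for the application; a key-handling daemon may prefer to refuse to start when `locked` is 0.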


More information about the freebsd-arch mailing list