Allow small amount of memory be mlock()'ed by unprivileged
process?
Pietro Cerutti
gahr at FreeBSD.org
Fri May 11 07:08:10 UTC 2012
On 2012-May-10, 15:18, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi,
>
> I've recently read some documents saying that some other operating
> systems would allow a small amount of memory be mlock()'ed by
> unprivileged process. This feature is useful for applications that
> needs the semantics, e.g. when requesting for memory that holds
> sensitive information like private keys, etc.
>
> The current implementation of ours would just return EPERM when caller
> is not the superuser, and enforce a limit for privileged processes
> (which is set to infinity).
>
> Is there any concern of changing this to allow a few memory pages be
> locked and remove the limit when the calling process is superuser?
I'm all for this!
--
Pietro Cerutti
The FreeBSD Project
gahr at FreeBSD.org
PGP Public Key:
http://gahr.ch/pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20120511/182f0423/attachment.pgp
More information about the freebsd-arch
mailing list