Allow small amount of memory be mlock()'ed by unprivileged process?

Pietro Cerutti gahr at FreeBSD.org
Fri May 11 07:54:09 UTC 2012


On 2012-May-11, 08:33, Pietro Cerutti wrote:
> On 2012-May-10, 15:18, Xin Li wrote:
> > Hi,
> > 
> > I've recently read some documents saying that some other operating
> > systems would allow a small amount of memory to be mlock()'ed by
> > an unprivileged process.  This feature is useful for applications that
> > need the semantics, e.g. when requesting memory that holds
> > sensitive information like private keys, etc.
> > 
> > The current implementation of ours would just return EPERM when the caller
> > is not the superuser, and enforce a limit for privileged processes
> > (which is set to infinity).
> > 
> > Is there any concern about changing this to allow a few memory pages to be
> > locked and removing the limit when the calling process is the superuser?
> 
> I'm all for this!

+ possibly limiting the number of pages per user, à la maxprocperuid.

-- 
Pietro Cerutti
The FreeBSD Project
gahr at FreeBSD.org

PGP Public Key:
http://gahr.ch/pgp