From: Peter Jeremy
To: freebsd-arch@freebsd.org
Date: Fri, 21 Jul 2006 20:40:44 +1000
Subject: mlock(2) for ordinary users
Message-ID: <20060721104044.GB728@turion.vk2pj.dyndns.org>
List-Id: Discussion related to FreeBSD architecture
Currently mlock() and munlock() are restricted to the root user - which prevents an ordinary user locking their process into RAM to the detriment of the system as a whole. Whilst this is a valid concern, there are good security reasons for allowing a user to lock small amounts of memory (a few pages) to ensure that sensitive information (private keys, passwords etc) doesn't wind up on swap devices.

There is a resource limit for locked pages (RLIMIT_MEMLOCK) and, despite the man page, a quick look at the code implies that it really is honoured. Could someone with more VM-foo please confirm whether the last line of the man page is still correct.

I would like to suggest that the suser() tests in mlock() and munlock() be removed and the default RLIMIT_MEMLOCK is reduced from infinity to (say) 1.

The only gotcha I can see is that lots of sysctl() functions use RLIMIT_MEMLOCK via sysctl_wire_old_buffer() and vslock().

Comments please.

-- 
Peter Jeremy
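The use case the message argues for, as an added example that is not part of the original post or of FreeBSD's own code: a process keeps a small secret in a page-aligned, mlock()ed buffer, checks its soft RLIMIT_MEMLOCK first, tells EPERM (no privilege, the situation described above) apart from ENOMEM/EAGAIN (over the limit), and scrubs the buffer before unlocking it so the secret is never in a swappable page. The 32-byte key is a constructed sample; the function and enum names are this example's own.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Why an mlock() call failed, so callers can tell "no privilege" from
 * "over RLIMIT_MEMLOCK" and decide whether to continue without locking. */
enum lock_status { LOCK_OK = 0, LOCK_NOPERM, LOCK_OVERLIMIT, LOCK_OTHER };

/* Round a byte count up to whole pages: mlock() works on page granularity. */
size_t round_to_pages(size_t len)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    return (len + ps - 1) / ps * ps;
}

/* Soft RLIMIT_MEMLOCK in bytes; (size_t)-1 means unlimited. */
size_t memlock_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;
    return rl.rlim_cur == RLIM_INFINITY ? (size_t)-1 : (size_t)rl.rlim_cur;
}

/* Zero memory through a volatile pointer so the stores cannot be
 * dead-store-eliminated once the buffer is no longer read. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Allocate a page-aligned anonymous mapping of at least len bytes and
 * pin it with mlock(). Returns NULL and sets *st on failure. */
void *alloc_locked(size_t len, enum lock_status *st)
{
    size_t sz = round_to_pages(len);
    void *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        *st = LOCK_OTHER;
        return NULL;
    }
    if (mlock(p, sz) != 0) {
        int e = errno;
        munmap(p, sz);
        /* EPERM: the caller lacks the privilege. ENOMEM/EAGAIN: the
         * per-process RLIMIT_MEMLOCK or a system-wide limit was hit. */
        *st = (e == EPERM) ? LOCK_NOPERM
            : (e == ENOMEM || e == EAGAIN) ? LOCK_OVERLIMIT : LOCK_OTHER;
        return NULL;
    }
    *st = LOCK_OK;
    return p;
}

/* Scrub, unlock and unmap. Zeroing happens before munlock() so the secret
 * is gone before the page becomes eligible for swap again. */
void free_locked(void *p, size_t len)
{
    size_t sz = round_to_pages(len);
    secure_zero(p, sz);
    munlock(p, sz);
    munmap(p, sz);
}

/* Worked use: hold a constructed 32-byte key in locked memory for the
 * duration of its use and report whether locking succeeded. */
enum lock_status use_key_locked(void)
{
    enum lock_status st;
    unsigned char *key = alloc_locked(32, &st);
    if (key == NULL)
        return st;
    for (int i = 0; i < 32; i++)      /* sample secret, not a real key */
        key[i] = (unsigned char)(0xA5 ^ i);
    /* ... use key here ... */
    free_locked(key, 32);
    return LOCK_OK;
}

int main(void)
{
    static const char *names[] = { "locked", "EPERM (no privilege)",
                                   "over RLIMIT_MEMLOCK", "other error" };
    size_t lim = memlock_limit();
    if (lim == (size_t)-1)
        printf("RLIMIT_MEMLOCK: unlimited\n");
    else
        printf("RLIMIT_MEMLOCK: %zu bytes\n", lim);
    printf("key buffer: %s\n", names[use_key_locked()]);
    return 0;
}
```

Run it as an unprivileged user to see which failure mode the kernel reports; with the root-only check the message describes, the result is EPERM regardless of RLIMIT_MEMLOCK. Current FreeBSD gates unprivileged locking on the security.bsd.unprivileged_mlock sysctl, so the same program succeeds there as long as the request fits within RLIMIT_MEMLOCK. A caller that cannot lock should decide explicitly whether to proceed with an unlocked buffer rather than silently doing so.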