From owner-freebsd-security@FreeBSD.ORG Thu Sep 27 15:25:30 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCE94106566C for ; Thu, 27 Sep 2012 15:25:30 +0000 (UTC) (envelope-from simon@qxnitro.org) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id 8A4868FC0C for ; Thu, 27 Sep 2012 15:25:30 +0000 (UTC) Received: by ieak10 with SMTP id k10so6601545iea.13 for ; Thu, 27 Sep 2012 08:25:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=fYZitsD1hLffzrPWMg1oGAZ/EE7rDuf/M1Hl0tPqZjI=; b=SNaGLBilQIonk1dkvf/GbRVWTVpwTi8AnzCpANqAxJiOKBtZqN3vtOrnd2bfGZF18V YHD2N2yl1cB5t21xCZovgG7GcYktzbdMgx1VWNCHm1nl9zis7bCyDwrAPScaqQuZ/12e PHcsl83iKpgBtXYLtP4yikE3JLU3cizr+EwB8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=fYZitsD1hLffzrPWMg1oGAZ/EE7rDuf/M1Hl0tPqZjI=; b=oxT9COjJHzvYYG4ieYrg3swKJLhZJtkf2/QKClejpTSW3WUthake50CngV+HoVeBU/ fEVpmb+We4/CGxjOBeEuWjNWJPphnSluPCCX9HJV67yhMXRqLnDUykCIl8zRVshw6jyH 1ML/tItXfmoAjXsE8HJoUctD2YVWX/PLsijx4wH4tUADxVFUDkFWVNUc9idSxeyWqiJz lzhXgBaDm+F+oUEp5XIk+yHm2UjtCmSUD4yJsq6VbE6PYgvkJO6Va9L5OsLagPZOy/e2 FcDSgVgzp4Lfet9Gg3+SgKRd2o7/zIIsb6ySCyKYRmSAEIqkhBR29IJas4W8D/pZTd2R Le3g== MIME-Version: 1.0 Received: by 10.50.160.228 with SMTP id xn4mr1948148igb.1.1348759529690; Thu, 27 Sep 2012 08:25:29 -0700 (PDT) Sender: simon@qxnitro.org Received: by 10.64.51.40 with HTTP; Thu, 27 Sep 2012 08:25:29 -0700 (PDT) X-Originating-IP: [2620:0:1040:201:1990:a69e:c95:8fc7] In-Reply-To: <50619E5D.3010503@FreeBSD.org> References: <50619E5D.3010503@FreeBSD.org> Date: Thu, 27 Sep 2012 16:25:29 +0100 X-Google-Sender-Auth: -kWnsa66YsL_4Zx8vR5AUYAoBVk Message-ID: From: "Simon L. B. Nielsen" To: Andrey Zonov Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQll6fdoEHLfOu7CH0GRrqE0R/+aviT15txtV160e4csw1zW9GaWAy2sRoZnGu9uLkvq8USL Cc: freebsd-security@freebsd.org Subject: Re: [patch] unprivileged mlock(2) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Sep 2012 15:25:30 -0000 On Tue, Sep 25, 2012 at 1:06 PM, Andrey Zonov wrote: > Hi, > > Please review this patch [1] which allows unprivileged users call > mlock()/munlock() and mlockall()/munlockall(). > > AFAIK, these calls were not allowed for every-one because accounting for > mlockall(MCL_FUTURE) was not implemented. I can't comment on the implementation details (don't know much about VM system), but do you have tests to show that the new code actually works in preventing users from mlocking more than 8MB by default? -- Simon L. B. Nielsen