Date: Fri, 11 May 2012 08:33:23 +0200 From: Pietro Cerutti <gahr@FreeBSD.org> To: d@delphij.net Cc: freebsd-arch@freebsd.org Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <20120511063322.GA1333@gahrfit.gahr.ch> In-Reply-To: <4FAC3EAB.6050303@delphij.net> References: <4FAC3EAB.6050303@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 2012-May-10, 15:18, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi, > > I've recently read some documents saying that some other operating > systems would allow a small amount of memory be mlock()'ed by > unprivileged process. This feature is useful for applications that > needs the semantics, e.g. when requesting for memory that holds > sensitive information like private keys, etc. > > The current implementation of ours would just return EPERM when caller > is not the superuser, and enforce a limit for privileged processes > (which is set to infinity). > > Is there any concern of changing this to allow a few memory pages be > locked and remove the limit when the calling process is superuser? I'm all for this! -- Pietro Cerutti The FreeBSD Project gahr@FreeBSD.org PGP Public Key: http://gahr.ch/pgp [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk+ssrAACgkQwMJqmJVx947tXACcD/nYKnwww09EPuld4Q5W80Wb NO0An1Y8iGbHgoCgEqzr4ZyDUcxYGPeK =auX9 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120511063322.GA1333>