From: Pietro Cerutti
To: d@delphij.net
Cc: freebsd-arch@freebsd.org
Date: Fri, 11 May 2012 09:54:06 +0200
Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process?
Message-ID: <20120511075406.GC1333@gahrfit.gahr.ch>
In-Reply-To: <20120511063322.GA1333@gahrfit.gahr.ch>

On 2012-May-11, 08:33, Pietro Cerutti wrote:
> On 2012-May-10, 15:18, Xin Li wrote:
> > Hi,
> >
> > I've recently read some documents saying that some other operating
> > systems would allow a small amount of memory be mlock()'ed by
> > unprivileged process. This feature is useful for applications that
> > needs the semantics, e.g. when requesting for memory that holds
> > sensitive information like private keys, etc.
> >
> > The current implementation of ours would just return EPERM when caller
> > is not the superuser, and enforce a limit for privileged processes
> > (which is set to infinity).
> >
> > Is there any concern of changing this to allow a few memory pages be
> > locked and remove the limit when the calling process is superuser?
>
> I'm all for this!

+ possibly limiting the number of pages per user, à la maxprocperuid.

-- 
Pietro Cerutti
The FreeBSD Project
gahr@FreeBSD.org

PGP Public Key: http://gahr.ch/pgp
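
The use case from the quoted message, pinning a small buffer that holds key material, is shown here as an added example that is not part of this thread or of FreeBSD's code. The names `struct secret`, `secret_alloc` and `secret_free` are hypothetical; the code records whether mlock() succeeded, so a caller that gets EPERM (the behaviour described above for non-superusers) or hits a per-process limit can still decide how to proceed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: one page-aligned region for key material. */
struct secret {
    void  *p;       /* region base, NULL when unused */
    size_t len;     /* length, rounded up to whole pages */
    int    locked;  /* 1 if mlock() succeeded, 0 if the pages may be swapped */
    int    err;     /* errno from mlock() when locked == 0 */
};

/* Allocate whole pages and try to pin them. Returns -1 only if allocation fails. */
int secret_alloc(struct secret *s, size_t want)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);

    memset(s, 0, sizeof(*s));
    if (want == 0)
        return -1;
    s->len = (want + pg - 1) / pg * pg;   /* mlock() works on whole pages */
    s->p = aligned_alloc(pg, s->len);
    if (s->p == NULL)
        return -1;
    if (mlock(s->p, s->len) == 0)
        s->locked = 1;
    else
        s->err = errno;   /* EPERM: not permitted; ENOMEM/EAGAIN: over a limit */
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void secret_free(struct secret *s)
{
    volatile unsigned char *b = s->p;

    if (b == NULL)
        return;
    for (size_t i = 0; i < s->len; i++)
        b[i] = 0;
    if (s->locked)
        munlock(s->p, s->len);
    free(s->p);
    memset(s, 0, sizeof(*s));
}

int main(void)
{
    struct secret k;

    if (secret_alloc(&k, 32) != 0)
        return 1;
    printf("locked=%d (%s)\n", k.locked, k.locked ? "pinned" : strerror(k.err));
    secret_free(&k);
    return 0;
}
```

Run as an unprivileged user, the printed result shows directly whether the system grants a small locked allocation or refuses it.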