From: Coleman Kane <cokane@freebsd.org>
To: Joe Marcus Clarke
Cc: gnome@freebsd.org, imp@freebsd.org
Subject: Re: Seahorse issues
Date: Sat, 12 Apr 2008 14:21:31 -0400
Message-Id: <1208024491.1327.5.camel@localhost>
In-Reply-To: <1208022694.82222.25.camel@shumai.marcuscom.com>
References: <47FD09AC.2020907@FreeBSD.org> <1207776230.61729.28.camel@shumai.marcuscom.com> <47FD34E8.2000005@FreeBSD.org> <1207872846.87478.38.camel@shumai.marcuscom.com> <47FF66E3.8000304@FreeBSD.org> <47FF722B.109@FreeBSD.org> <1207929297.55415.13.camel@shumai.marcuscom.com> <1208018626.10093.7.camel@localhost> <1208021918.82222.18.camel@shumai.marcuscom.com> <1208022694.82222.25.camel@shumai.marcuscom.com>
Organization: FreeBSD Project
X-Mailer: Evolution 2.22.1 FreeBSD GNOME Team Port
List-Id: GNOME for FreeBSD -- porting and maintaining

On Sat, 2008-04-12 at 13:51 -0400, Joe Marcus Clarke wrote:
> On Sat, 2008-04-12 at 13:38 -0400, Joe Marcus Clarke wrote:
> > On Sat, 2008-04-12 at 12:43 -0400, Coleman Kane wrote:
> > >
> > > As for the mlock() privilege issue, I am not sure what we'll do about
> > > that. It would be nice, at some point, to support that feature for
> > > normal users. As long as I'm diligent about my swap-space, etc... and
> > > access to my workstation, I'm *pretty* secure. Things like common-use
> > > lab computers, etc... are probably more appropriate for this feature.
> >
> > Since we already have an rlimit for locked memory (RLIMIT_MEMLOCK), and
> > it is used by the mlock(2) syscall, what about the attached patch to add
> > a sysctl to control user access to mlock (but not allowing mlockall(2))?
> > This has been tested to fix the gnome-keyring issue when the sysctl is
> > set to 1. If this is agreeable, I can add some manpage docs as well.
>
> Minor modification to allow munlock(2) as well as mlock(2).
>
> http://www.marcuscom.com/downloads/vm_mmap.c.diff
>
> Joe
>

I've reviewed these patches, and also read up on the Linux 2.6.9+
implementation, as well as referred to various documentation about it.
I'd like to float an email to current@ and see what comes up there
regarding unprivileged mlock(2). There might already be a "more proper"
approach that just isn't being employed.

The one thing that worries me is whether or not this could be used by a
local user to bring about a DoS on a machine. I *think* that, if you set
the hard limit during startup, then enforce a good soft-limit, then
you'll be pretty safe.

Anyhow, I'll see what sort of comments I can get.

--
Coleman Kane