From owner-freebsd-security@FreeBSD.ORG Thu Oct 4 11:01:50 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E0B22106566C for ; Thu, 4 Oct 2012 11:01:49 +0000 (UTC) (envelope-from andrey@zonov.org) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 53BDA8FC08 for ; Thu, 4 Oct 2012 11:01:48 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id e12so164874lag.13 for ; Thu, 04 Oct 2012 04:01:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :x-gm-message-state; bh=Fc1L9LwQ328oIOXGkZSsXnihtthHiF5KyS+0wAAF+cw=; b=exMuAFvSTxRqTlyMhR5A4vZ8+dolm16H7Xi0YJ0aOlj3tyeet5cPZps5/9sRCNMk4m sf+boW5Q4dzn3qcpE7sRcl9siUV+Y5F5Z9IE3MGz37XSAZ7YvAtQZChQWJlCtBlIBOzS sa0WNETVPtOt0CJLkDt4JnSBl3HEjA9vbmdgt5gNHjN064atvVVp9Cqc/TX4+8JM+AWq hOa9RZiiui+yeCVmhFBLaa9FyJF5jz7sOMJCbezcAulHTl9TYKxLdfKdZriUcDuMIude 41kM+52bhlPWr8MSVIsHYE9/tlrIuukHdr1vKwqFXlXBEL4xT4IJFq2ELctmEemTQugt iPCQ== Received: by 10.112.38.163 with SMTP id h3mr2599326lbk.130.1349348508024; Thu, 04 Oct 2012 04:01:48 -0700 (PDT) Received: from dhcp170-82-red.yandex.net ([2a02:6b8:0:401:9d1e:ceb1:926d:3e20]) by mx.google.com with ESMTPS id d1sm2181666lbh.7.2012.10.04.04.01.46 (version=SSLv3 cipher=OTHER); Thu, 04 Oct 2012 04:01:46 -0700 (PDT) Sender: Andrey Zonov Message-ID: <506D6C96.7050408@FreeBSD.org> Date: Thu, 04 Oct 2012 15:01:42 +0400 From: Andrey Zonov User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 MIME-Version: 1.0 To: "Simon L. B. Nielsen" References: <50619E5D.3010503@FreeBSD.org> <5065A51B.6010905@FreeBSD.org> In-Reply-To: <5065A51B.6010905@FreeBSD.org> X-Enigmail-Version: 1.4.4 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1006662FCC9A90D3E8FF85E7" X-Gm-Message-State: ALoCoQlV105lA4Km+H3/qvjHlk4a/f/TWdKqJLkjqsDvfhhCifINB1h+oNVEemv9l0AeLwViROo3 Cc: freebsd-security@freebsd.org Subject: Re: [patch] unprivileged mlock(2) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2012 11:01:50 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig1006662FCC9A90D3E8FF85E7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 9/28/12 5:24 PM, Andrey Zonov wrote: > On 9/27/12 7:25 PM, Simon L. B. Nielsen wrote: >> On Tue, Sep 25, 2012 at 1:06 PM, Andrey Zonov wrote= : >>> Hi, >>> >>> Please review this patch [1] which allows unprivileged users call >>> mlock()/munlock() and mlockall()/munlockall(). >>> >>> AFAIK, these calls were not allowed for every-one because accounting = for >>> mlockall(MCL_FUTURE) was not implemented. >> >> I can't comment on the implementation details (don't know much about >> VM system), but do you have tests to show that the new code actually >> works in preventing users from mlocking more than 8MB by default? >> >=20 > Sure, test is attached. >=20 Hi Simon, Have you got a chance to look at that? --=20 Andrey Zonov --------------enig1006662FCC9A90D3E8FF85E7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJQbWyZAAoJEBWLemxX/CvTV1cH/izvL+mEhRdtJPyk/diGngl9 j6wancGIRKfQxKjrmBLrUsZiPKbpb6R/bIghJd/1U0NJuF4ZGgDX4DfoZW4H4wGQ K34v8F7GEaA9V42x7zKSdv6gfdcbGZzTDWCqRjiaLVHHYh3OHvlguD5/gHIUTDmm tYihcSTtAIvj05Og1ZarZQSezYU5LKbGo920JgZH0AC3EnM9GcH6UmJXQ/g0nLNf GjECDASPnrYB87me/loToQxzOz+NfoY4pbZ0JTpd2zWsu/hRA2A1NthbMrD27hMR slB8saA3Ybhx0QkLnr4ixx1rInmx27dWua4vqZVtfUrOp73huBINMxGQPmZXP9o= =p1Qk -----END PGP SIGNATURE----- --------------enig1006662FCC9A90D3E8FF85E7--