Date: Thu, 10 May 2012 15:18:19 -0700 From: Xin Li <delphij@delphij.net> To: freebsd-arch@freebsd.org Cc: d@delphij.net Subject: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <4FAC3EAB.6050303@delphij.net>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I've recently read some documents saying that some other operating systems would allow a small amount of memory be mlock()'ed by unprivileged process. This feature is useful for applications that needs the semantics, e.g. when requesting for memory that holds sensitive information like private keys, etc. The current implementation of ours would just return EPERM when caller is not the superuser, and enforce a limit for privileged processes (which is set to infinity). Is there any concern of changing this to allow a few memory pages be locked and remove the limit when the calling process is superuser? Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBCAAGBQJPrD6rAAoJEG80Jeu8UPuzrlwIAK0e8eLvyGJgVz5E0W3Zuv+B MnDkk33VuC8qCtHCu1a3glvFMmcmgu3firfT1cDPKOEK8wxUOcWFMNd6tkB+pMA0 2K0K2xa0VG8/dr7pbhG3yASE4A5PYMvTkLLs94Q35/BC0+mvck3lv5TZWU5mDOyg OvynzLUT+QXPyteOPlkhYaF24O/ZrjA8xTXp+wV4pW4tJVCDrTJfohVsagIe3gpe douPykCdO3hlWe46ovUvJ426+i0DETC/NSa0sDmYY8FksGVkovuEQD+V+t2fm40h HyGtKRMZ95wUOea4ro35AfPzuYjkPT3JZDiWsEIMkXj4M6kADsvX/wKd24Bq1XE= =FHpe -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FAC3EAB.6050303>