Date: Fri, 11 May 2012 09:54:06 +0200 From: Pietro Cerutti <gahr@FreeBSD.org> To: d@delphij.net Cc: freebsd-arch@freebsd.org Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process? Message-ID: <20120511075406.GC1333@gahrfit.gahr.ch> In-Reply-To: <20120511063322.GA1333@gahrfit.gahr.ch> References: <4FAC3EAB.6050303@delphij.net> <20120511063322.GA1333@gahrfit.gahr.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
--Fba/0zbH8Xs+Fj9o Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-May-11, 08:33, Pietro Cerutti wrote: > On 2012-May-10, 15:18, Xin Li wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > >=20 > > Hi, > >=20 > > I've recently read some documents saying that some other operating > > systems would allow a small amount of memory be mlock()'ed by > > unprivileged process. This feature is useful for applications that > > needs the semantics, e.g. when requesting for memory that holds > > sensitive information like private keys, etc. > >=20 > > The current implementation of ours would just return EPERM when caller > > is not the superuser, and enforce a limit for privileged processes > > (which is set to infinity). > >=20 > > Is there any concern of changing this to allow a few memory pages be > > locked and remove the limit when the calling process is superuser? >=20 > I'm all for this! + possibly limiting the number of pages per user, =C3=A0 la maxprocperuid. --=20 Pietro Cerutti The FreeBSD Project gahr@FreeBSD.org PGP Public Key: http://gahr.ch/pgp --Fba/0zbH8Xs+Fj9o Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk+sxZ0ACgkQwMJqmJVx945fsQCfXsaNiUW9oHiB91uCMbMrOnlG nyYAoLxSqe+ump7oIZQbk6JHw99iQPq9 =qzjy -----END PGP SIGNATURE----- --Fba/0zbH8Xs+Fj9o--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120511075406.GC1333>