[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Failing {lib,}gnome-keyring tests: How to make mlock/munlock availab

From: Svante Signell
Subject: Re: Failing {lib,}gnome-keyring tests: How to make mlock/munlock available to non-root?
Date: Wed, 15 Oct 2014 10:56:41 +0200

On Wed, 2014-10-15 at 10:06 +0200, Samuel Thibault wrote:
> Svante Signell, le Wed 15 Oct 2014 09:57:21 +0200, a écrit :
> > See also https://lists.debian.org/debian-devel/2014/10/msg00201.html for
> > a discussion on the topic.
> I can't understand why you proposed to use setuid in order to keep
> secrets, but oh well.

I did not seriously propose to use setuid, it was mostly a way to get
answers about security issues of setuid programs, and I got plenty of

> To get mlock available to user should be a matter of making gnumach
> accept vm_wire calls with hostpriv == 0. The amount of such locked
> memory shall however be accounted and limited. The default on my Linux
> system is 64KB.

Isn't it dangerous to remove/special case on 
       if (host == HOST_NULL)
                return KERN_INVALID_HOST;
in vm_wire.c?

And where to place the defaults and ulimit checks, vm_wire.c or

BTW: ulimit() is obsolete, one should use getrlimit() and setrlimit()
nowadays, according to the manpage.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]