Re: disable-cap-mlock

From: Rik van Riel
Date: Thu Apr 01 2004 - 14:48:06 EST


On Thu, 1 Apr 2004, Andrea Arcangeli wrote:

> This is a lot simpler than the mlock rlimit and this is what people really
> need (not the rlimit). The rlimit thing can still be applied on top of
> this. This should be more efficient too (besides its simplicity).

What use is this patch?

One of the main reasons for the mlock rlimit is so that
security conscious people can let normal users' gpg
mlock a few pages.

This patch isn't usable for that at all, since switching
the sysctl on would just open up the system to an easy
deadlock by any user. Definitely not something any
security conscious admin would want to enable ...

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
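
Added example, not part of the original message or of the patch under discussion: how an unprivileged program, such as the gpg case mentioned above, can pin a key buffer within its per-process RLIMIT_MEMLOCK on current Linux. The names memlock_budget, lock_secret and wipe_and_unlock and the 4096-byte key buffer are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Hypothetical helper: soft RLIMIT_MEMLOCK in bytes; (size_t)-1 when
 * unlimited, 0 when the limit cannot be read. */
size_t memlock_budget(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;
    return rl.rlim_cur == RLIM_INFINITY ? (size_t)-1 : (size_t)rl.rlim_cur;
}

/* Pin a secret buffer in RAM so it is not written to swap. Refuses up front
 * when len exceeds the limit; the kernel applies the same bound (rounded to
 * pages, summed over all locked pages) to processes without CAP_IPC_LOCK.
 * Returns 0 on success, -1 with errno set. */
int lock_secret(void *buf, size_t len)
{
    if (len > memlock_budget()) {
        errno = ENOMEM;
        return -1;
    }
    return mlock(buf, len);
}

/* Zero the secret before unlocking; volatile keeps the wipe from being elided. */
void wipe_and_unlock(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
    munlock(buf, len);
}

int main(void)
{
    static unsigned char key[4096]; /* constructed stand-in for key material */
    printf("RLIMIT_MEMLOCK soft limit: %zu bytes\n", memlock_budget());
    if (lock_secret(key, sizeof key) != 0) {
        printf("lock refused: %s\n", strerror(errno));
        return 1;
    }
    puts("key pages locked");
    wipe_and_unlock(key, sizeof key);
    return 0;
}
```

The limit is per process, so an administrator can allow a few locked pages for everyone without giving any single user the ability to pin all of RAM.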
