Message-ID: <20080502011233.GB4018@sequoia.sous-sol.org>
Date:	Thu, 1 May 2008 18:12:43 -0700
From:	Chris Wright <chrisw@...s-sol.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Josselin Mouette <joss@...ian.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Increase the default RLIMIT_MEMLOCK

* Andrew Morton (akpm@...ux-foundation.org) wrote:
> > --- include/linux/resource.h.orig	2008-04-27 21:15:47.000000000 +0200
> > +++ include/linux/resource.h	2008-04-27 21:23:06.000000000 +0200
> > @@ -58,10 +58,11 @@
> >  #define _STK_LIM	(8*1024*1024)
> >  
> >  /*
> > - * GPG wants 32kB of mlocked memory, to make sure pass phrases
> > - * and other sensitive information are never written to disk.
> > + * The biggest widespread mlocked memory consumer is 
> > + * gnome-keyring-manager. It needs 256kB to make sure SSH/GPG 
> > + * passphrases and network passwords are never written to disk.
> >   */
> > -#define MLOCK_LIMIT	(8 * PAGE_SIZE)
> > +#define MLOCK_LIMIT	(64 * PAGE_SIZE)
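
Review bot: in the MLOCK_LIMIT define, 64 * PAGE_SIZE equals the 256kB stated in the new comment only where PAGE_SIZE is 4kB; on configurations with larger pages the default limit grows with the page size. If 256kB is the intended value, define it in bytes, e.g. `#define MLOCK_LIMIT (256 * 1024)`, or have the comment say the figure assumes 4kB pages. The two added comment lines ending in "is " and "SSH/GPG " also carry trailing whitespace.
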
> 
> gee, it seems rather arbitrary.  Perhaps we should have set it to zero on
> day one to _force_ distributors to set an appropriate RLIMIT_MEMLOCK in
> init.

Yes, it is fairly arbitrary.  The motivation was gpg, but in fact when
the patchset started gpg had already changed from 1 page to 8 pages.

http://thread.gmane.org/gmane.linux.kernel/222613/focus=222681

> We can do this of course, but does it actually help anything?  Perhaps it's
> actually a bad thing, permitting userspace developers to rely upon kernel
> defaults rather than setting things the way they should be set?

We don't want to keep changing at whim of random apps, agreed.  Feels
like a distro issue, since kernel can't even know what apps might run,
and using 8 pages was just a courtesy hint to distros.

thanks,
-chris
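
An added example (not part of the original message or of the kernel source): one way an application can avoid depending on the kernel's default RLIMIT_MEMLOCK, by checking the limit, raising its soft limit toward the hard limit, and refusing to continue if the secret buffer cannot be locked. The names `ensure_memlock`, `secret_alloc` and `secret_free` are hypothetical, and the code assumes Linux with glibc.

```c
/* Added example: lock a secret buffer without assuming the kernel default. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Ensure the soft RLIMIT_MEMLOCK covers `need` bytes (the total the process
 * intends to lock). Returns 0 on success, -1 if the hard limit is too low
 * and has to be raised outside the process (init, PAM limits, admin). */
int ensure_memlock(size_t need) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return -1;
    if (rl.rlim_cur >= need) return 0;  /* assumes RLIM_INFINITY is the max rlim_t, as on Linux */
    if (rl.rlim_max < need) return -1;
    rl.rlim_cur = need;                 /* soft may rise to hard without privilege */
    return setrlimit(RLIMIT_MEMLOCK, &rl);
}

/* Map `len` bytes and pin them in RAM; NULL rather than swappable memory. */
void *secret_alloc(size_t len) {
    if (ensure_memlock(len) != 0) return NULL;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, len) != 0) { munmap(p, len); return NULL; }
    return p;
}

/* Wipe, unlock and unmap a buffer obtained from secret_alloc(). */
void secret_free(void *p, size_t len) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munlock(p, len);
    munmap(p, len);
}

int main(void) {
    size_t len = 256 * 1024;   /* the figure quoted in the patch comment */
    void *buf = secret_alloc(len);
    if (!buf) {
        fprintf(stderr, "cannot lock %zu bytes; raise RLIMIT_MEMLOCK\n", len);
        return 1;
    }
    puts("secret buffer locked");
    secret_free(buf, len);
    return 0;
}
```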