Re: enabling mlock for non-root
Markus Gutschke (email@example.com)
31 Aug 1996 11:18:43 +0200
Robert Bihlmeyer <firstname.lastname@example.org> writes:
> The max locked-in-memory size is governed by a resource limit
> (RLIMIT_MEMLOCK). The default limit is 4 pages, which should suffice
> for security-applications. RT programs that need more mlock-able
> space, would be run under root anyway, and root, as usual, can raise
> or lower limits ad lib.
There should be a system-wide limit on the total amount of mlock'ed
pages and/or a limit on the total amount of pages that a user can
mlock at any given time. If you do not enforce these limits, then
launching a denial of service attack is possible by forking off lots
of processes that perform mlock. Of course, this is partly remedied by
the limit on the amount of user processes.
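
The aggregate bound discussed in this thread, as an added example that is not part of the original messages: with only a per-process RLIMIT_MEMLOCK, the amount one user can pin is capped by that limit multiplied by the per-user process limit (RLIMIT_NPROC). The function names are hypothetical, and hard limits are used because a process may raise its soft limit up to them.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Worst-case bytes one user can pin: per-process mlock limit times the
 * per-user process limit. Returns UINT64_MAX when either limit is
 * unlimited or the product overflows, i.e. there is no effective bound. */
uint64_t worst_case_locked(rlim_t memlock, rlim_t nproc)
{
    if (memlock == RLIM_INFINITY || nproc == RLIM_INFINITY)
        return UINT64_MAX;
    uint64_t m = (uint64_t)memlock, n = (uint64_t)nproc;
    if (m != 0 && n > UINT64_MAX / m)
        return UINT64_MAX;
    return m * n;
}

/* Share of physical RAM the bound represents, in percent, capped at 100. */
unsigned pct_of_ram(uint64_t bound, uint64_t ram_bytes)
{
    if (ram_bytes == 0 || bound >= ram_bytes)
        return 100;
    return (unsigned)((double)bound / (double)ram_bytes * 100.0);
}

int main(void)
{
    struct rlimit ml, np;
    if (getrlimit(RLIMIT_MEMLOCK, &ml) != 0 ||
        getrlimit(RLIMIT_NPROC, &np) != 0) {
        perror("getrlimit");
        return 1;
    }
    /* _SC_PHYS_PAGES is a glibc extension; assumed available here. */
    uint64_t ram = (uint64_t)sysconf(_SC_PHYS_PAGES) *
                   (uint64_t)sysconf(_SC_PAGESIZE);
    uint64_t bound = worst_case_locked(ml.rlim_max, np.rlim_max);
    if (bound == UINT64_MAX)
        puts("no effective per-user bound on locked memory");
    else
        printf("per-user worst case: %llu bytes (%u%% of RAM)\n",
               (unsigned long long)bound, pct_of_ram(bound, ram));
    return 0;
}
```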