Re: enabling mlock for non-root

Markus Gutschke (gutschk@uni-muenster.de)
31 Aug 1996 11:18:43 +0200


Robert Bihlmeyer <robbe@orcus.ping.at> writes:
> The max locked-in-memory size is governed by a resource limit
> (RLIMIT_MEMLOCK). The default limit is 4 pages, which should suffice
> for security-applications. RT programs that need more mlock-able
> space, would be run under root anyway, and root, as usual, can raise
> or lower limits ad lib.

There should be a system-wide limit on the total amount of mlock'ed
pages and/or a limit on the total amount of pages that a user can
mlock at any given time. If you do not enforce these limits, then
launching a denial of service attack is possible by forking off lots
of processes that perform mlock. Of course, this is partly remedied by
the limit on the amount of user processes.

Markus
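
The bound discussed in the message above, as an added example that is not part of the original post: with RLIMIT_MEMLOCK enforced per process, the most one user can pin is that limit times RLIMIT_NPROC. The function names, the 25% threshold and the use of sysconf(_SC_PHYS_PAGES) (a Linux/glibc extension) are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Stores memlock * nproc in *out and returns 1, or returns 0 when either
 * limit is infinite or the product overflows (no finite bound). */
int worst_case_locked_bytes(rlim_t memlock, rlim_t nproc, uint64_t *out)
{
    if (memlock == 0 || nproc == 0) { *out = 0; return 1; }
    if (memlock == RLIM_INFINITY || nproc == RLIM_INFINITY) return 0;
    if ((uint64_t)memlock > UINT64_MAX / (uint64_t)nproc) return 0;
    *out = (uint64_t)memlock * (uint64_t)nproc;
    return 1;
}

/* 0: bound fits within pct% of RAM, 1: bound exceeds it, 2: unbounded. */
int classify_bound(int bounded, uint64_t bound, uint64_t ram, unsigned pct)
{
    if (!bounded) return 2;
    return bound > ram / 100 * pct ? 1 : 0;
}

/* Audits the calling user's hard limits; hard, because an unprivileged
 * process may raise its soft limit up to the hard one. -1 on error. */
int audit_current_limits(unsigned pct)
{
    struct rlimit ml, np;
    uint64_t bound = 0;
    long pages = sysconf(_SC_PHYS_PAGES);   /* assumption: Linux/glibc */
    long psize = sysconf(_SC_PAGESIZE);
    if (getrlimit(RLIMIT_MEMLOCK, &ml) || getrlimit(RLIMIT_NPROC, &np) ||
        pages <= 0 || psize <= 0)
        return -1;
    int bounded = worst_case_locked_bytes(ml.rlim_max, np.rlim_max, &bound);
    return classify_bound(bounded, bound,
                          (uint64_t)pages * (uint64_t)psize, pct);
}

int main(void)
{
    static const char *msg[] = { "within budget", "exceeds budget", "unbounded" };
    int r = audit_current_limits(25);   /* 25% of RAM: constructed threshold */
    if (r < 0) { perror("audit"); return 1; }
    printf("worst-case locked memory per user: %s\n", msg[r]);
    return 0;
}
```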