C/C++ API for GnuPG

Joseph Bruni jbruni@mac.com
Tue Apr 22 00:04:04 2003

Tru64 4.0, HP/UX 11i, FreeBSD 5.0, Linux 2.4, Solaris 5.8 all require root privs for mlock(). OS X 10.2 lets non-root processes call mlock() up to RLIMIT_MEMLOCK pages (whatever that is).

On Monday, April 21, 2003, at 02:18PM, Jason Harris <jharris@widomaker.com> wrote:

>On Mon, Apr 21, 2003 at 07:36:39PM +0200, Werner Koch wrote:
>> On Sat, 19 Apr 2003 17:02:27 -0400, Jason Harris said:
>> > The library knows which page(s) to lock and should request that whether
>> > it runs inside GPG or another app.
>> No, it can't.  Under a lot of OSes it is not possible to protect
>> against paging or you need to have root capabilities to do so.  No one
>> would do this in a library.
>(Werner, is this from someone trying to make trouble for you?  :)
>It can attempt it and report if it fails, no?  lock_pool()
>(src/secmem.c) in libgcrypt (1.1.9) reports failed mlock()s...
>[sorry, but I had to make sure it was still there]
>Hey, what's this (cvs annotate output):
>  1.1          (wkoch    24-Jan-00):     err = mlock( p, n );
>  1.1          (wkoch    24-Jan-00):      err = errno;
>Also, OpenBSD's and NetBSD's man pages for mlock(2) (on websites) don't
>say root privs are specifically required.  (FreeBSD could use this
>feature, w/o the hassles of ACLs/capabilities/whatever.)
>Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
>jharris@widomaker.com | web:  http://jharris.cjb.net/

PGP Fingerprint:
886F 6A8A 68A1 5E90 EF3F  8EFA E2B8 3F99 7343 C1E3
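
The pattern discussed in this thread (attempt mlock(), capture the failure, let the caller decide what to do), as an added example that is not code from libgcrypt or from any poster. The helper names lock_pool_or_report, memlock_soft_limit and alloc_page are hypothetical, and a POSIX system with mlock() and getrlimit() is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

enum pool_state { POOL_LOCKED = 0, POOL_PAGEABLE = 1 };

/* Hypothetical helper: try to lock n bytes at p; *err is 0 or the saved errno. */
static enum pool_state lock_pool_or_report(void *p, size_t n, int *err)
{
    if (mlock(p, n) == 0) { *err = 0; return POOL_LOCKED; }
    *err = errno;          /* errno is meaningful only after a failed call */
    return POOL_PAGEABLE;  /* caller decides: warn, refuse secrets, or continue */
}

/* Soft RLIMIT_MEMLOCK as returned by getrlimit(); 0 on success, -1 on error. */
static int memlock_soft_limit(rlim_t *out)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return -1;
    *out = rl.rlim_cur;
    return 0;
}

/* One page-aligned page carved out of a malloc'd block; free(*base) when done. */
static void *alloc_page(void **base, size_t *ps)
{
    long n = sysconf(_SC_PAGESIZE);
    if (n <= 0 || (*base = malloc(2 * (size_t)n)) == NULL) return NULL;
    *ps = (size_t)n;
    return (void *)(((uintptr_t)*base + *ps - 1) & ~((uintptr_t)*ps - 1));
}

int main(void)
{
    void *base; size_t ps; int err; rlim_t lim;
    void *pool = alloc_page(&base, &ps);
    if (pool == NULL) return 1;
    if (memlock_soft_limit(&lim) == 0)
        printf("RLIMIT_MEMLOCK soft limit: %llu\n", (unsigned long long)lim);
    if (lock_pool_or_report(pool, ps, &err) == POOL_LOCKED) { puts("pool locked"); munlock(pool, ps); }
    else printf("mlock failed (%s): pool stays pageable\n", strerror(err));
    free(base);
    return 0;
}
```

Which branch runs depends on the platform and the process's privileges and limits, so the same binary can report a locked pool on one system and a pageable one on another.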