C/C++ API for GnuPG
Joseph Bruni
jbruni@mac.com
Tue Apr 22 00:04:04 2003
Tru64 4.0, HP/UX 11i, FreeBSD 5.0, Linux 2.4, Solaris 5.8 all require root privs for mlock(). OS X 10.2 lets non-root processes call mlock() up to RLIMIT_MEMLOCK pages (whatever that is).
On Monday, April 21, 2003, at 02:18PM, Jason Harris <jharris@widomaker.com> wrote:
>On Mon, Apr 21, 2003 at 07:36:39PM +0200, Werner Koch wrote:
>> On Sat, 19 Apr 2003 17:02:27 -0400, Jason Harris said:
>>
>> > The library knows which page(s) to lock and should request that whether
>> > it runs inside GPG or another app.
>>
>> No, it can't. Under a lot of OSes it is not possible to protect
>> against paging or you need to have root capabilities to do so. Noone
>> would do this in a library.
>
>(Werner, is this from someone trying to make trouble for you? :)
>
>It can attempt it and report if it fails, no? lock_pool()
>(src/secmem.c) in libgcrypt (1.1.9) reports failed mlock()s...
>
>[sorry, but I had to make sure it was still there]
>Hey, what's this (cvs annotate output):
>
> 1.1 (wkoch 24-Jan-00): err = mlock( p, n );
> 1.1 (wkoch 24-Jan-00): err = errno;
>
>
>Also, OpenBSD's and NetBSD's man pages for mlock(2) (on websites) don't
>say root privs are specifically required. (FreeBSD could use this
>feature, w/o the hassles of ACLs/capabilities/whatever.)
>
>--
>Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
>jharris@widomaker.com | web: http://jharris.cjb.net/
>
>
--
PGP Fingerprint:
886F 6A8A 68A1 5E90 EF3F 8EFA E2B8 3F99 7343 C1E3