Re: gnome-keyring Quantifying non-pageable memory and expanding if necessary
- From: Yaron Sheffer <yaronf gmx com>
- To: Stef Walter <stefw gnome org>
- Cc: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: Re: gnome-keyring Quantifying non-pageable memory and expanding if necessary
- Date: Fri, 15 Oct 2010 11:28:09 +0200
Hi Stef,
First ideology, then pragmatics:
Capabilities are an important security feature. It is only fair that a
security component will be among the first to drive their use in real,
packaged software. A little googling shows that people have been
considering using capabilities in packages recently, but I don't see
evidence of their being used yet.
Pragmatically, both Debian packages and RPMs include a post-install
script (postinst on Debian). The maintainers could add a line or two to
this script to set the capability on the file. If any package
maintainers are on this list, I would like to hear their opinions.
Two additional alternatives:
1. Use the capability, but do it programmatically. The daemon should
be installed suid-root, and upon startup, it sets this capability on the
process, and then drops all other privileges.
2. Much more complex, but doesn't require capabilities: since the
accounting of locked pages is per-process, you can require each process
that uses the daemon to allocate the locked memory itself, and "donate"
it to the daemon. "mmap()" can create shared+locked areas. This should
work for all the using processes, other than Seahorse (because Seahorse
needs much more memory). But AFAIK, normal users rarely use Seahorse
directly.
Thanks,
Yaron
On 14/10/10 17:29, Stef Walter wrote:
> On 2010-10-13 04:42, Yaron Sheffer wrote:
>> Hi Stef,
>> it looks like the allocation of locked pages is governed by a specific
>> process capability: CAP_IPC_LOCK. Capabilities can be set on the
>> executable at install time:
>> sudo setcap CAP_IPC_LOCK+ep <file>
>> Maybe setting this flag on the daemon at install time will solve the
>> problem (you do NOT have to be fully privileged). Note that this
>> mechanism is very OS/version specific. I tried it successfully on the
>> attached piece of code.
> Interesting. So we would set this during install, and then make note for
> distributors to try and keep this somehow? But I'm not sure how well
> these caps work in tarballs and packages (ie: debs and rpms).
> Thanks for discovering this, but is there a second solution?
> Cheers,
> Stef
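The thread turns on how much memory an unprivileged process may pin with mlock() before the per-process RLIMIT_MEMLOCK bites and CAP_IPC_LOCK becomes necessary. The following is an added example, not code from this thread or from gnome-keyring: a small Linux probe that reads the soft RLIMIT_MEMLOCK, rounds requests to whole pages (the unit the kernel accounts in), and tries to lock regions of a few sizes so the ENOMEM failure mode can be observed on a given machine before deciding whether a capability is needed at all. The function names (round_to_pages, memlock_soft_limit, fits_under_limit, probe_mlock) and the sample sizes are my own choices; nothing here is gnome-keyring's API.

```c
/* Added example (not from the gnome-keyring thread): probe how much memory
 * this process may mlock() without CAP_IPC_LOCK, and show what happens when
 * a request exceeds RLIMIT_MEMLOCK. Linux-specific.
 * Build: cc -Wall -Wextra -o mlock_probe mlock_probe.c */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Locked memory is accounted in whole pages, so round a request up. */
size_t round_to_pages(size_t bytes, size_t page_size)
{
    if (bytes == 0)
        return 0;
    return (bytes + page_size - 1) / page_size * page_size;
}

/* Soft RLIMIT_MEMLOCK in bytes: the ceiling an unprivileged process gets.
 * Returns -1 for "unlimited" and -2 if the limit could not be read. */
long long memlock_soft_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -2;
    if (rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return (long long)rl.rlim_cur;
}

/* Pure arithmetic: would a request of `bytes` stay within `limit`?
 * A negative limit means unlimited (see memlock_soft_limit()). Note the
 * kernel compares the process's *total* locked pages against the limit,
 * so memory already locked elsewhere in the process counts too. */
int fits_under_limit(size_t bytes, long long limit, size_t page_size)
{
    if (limit < 0)
        return 1;
    return round_to_pages(bytes, page_size) <= (size_t)limit;
}

/* Map an anonymous region of `bytes` (rounded up to pages) and try to lock it.
 * Returns 0 on success, otherwise the errno that mlock() (or mmap()) reported.
 * Without CAP_IPC_LOCK, exceeding RLIMIT_MEMLOCK yields ENOMEM (EPERM when the
 * limit is 0). The region is unlocked and unmapped before returning. */
int probe_mlock(size_t bytes)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = round_to_pages(bytes, page);
    if (len == 0)
        len = page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    int rc = 0;
    if (mlock(p, len) != 0)
        rc = errno;      /* nothing was locked, so no munlock() needed */
    else
        munlock(p, len);
    munmap(p, len);
    return rc;
}

static void report(size_t bytes)
{
    int rc = probe_mlock(bytes);
    printf("mlock(%zu bytes): %s\n", bytes, rc == 0 ? "ok" : strerror(rc));
}

int main(void)
{
    long long limit = memlock_soft_limit();
    if (limit < 0)
        printf("RLIMIT_MEMLOCK: %s\n", limit == -1 ? "unlimited" : "unreadable");
    else
        printf("RLIMIT_MEMLOCK: %lld bytes\n", limit);

    report(4096);                    /* one page: normally fine */
    report(1 << 20);                 /* 1 MiB: may exceed a small default limit */
    if (limit >= 0)
        report((size_t)limit + 4096); /* just over the limit: ENOMEM unless CAP_IPC_LOCK */
    return 0;
}
```

Run it once as the user the daemon will run as and once after `setcap cap_ipc_lock+ep` on the binary (then `getcap` to confirm): the last probe fails in the first case and succeeds in the second, which is exactly the difference the thread is weighing against raising RLIMIT_MEMLOCK for the user or having clients donate their own locked pages.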