Re: gnome-keyring Quantifying non-pageable memory and expanding if necessary



 Hi Stef,

First ideology, then pragmatics:

Capabilities are an important security feature. It is only fair that a security component will be among the first to drive their use in real, packaged software. A little googling shows that people have been considering using capabilities in packages recently, but I don't see evidence of their being used yet.

Pragmatically, both Debian packages and RPMs include a post-install script (postinst on Debian). The maintainers could add a line or two to this script to set the capability on the file. If any package maintainers are on this list, I would like to hear their opinions.

Two additional alternatives:

1. Use the capability, but do it programmatically. The daemon should be installed suid-root, and upon startup it sets this capability on the process and then drops all other privileges.

2. Much more complex, but doesn't require capabilities: since the accounting of locked pages is per-process, you can require each process that uses the daemon to allocate the locked memory itself and "donate" it to the daemon. "mmap()" can create shared+locked areas. This should work for all the using processes, other than Seahorse (because Seahorse needs much more memory). But AFAIK, normal users rarely use Seahorse directly.

Thanks,
    Yaron

On 14/10/10 17:29, Stef Walter wrote:
> On 2010-10-13 04:42, Yaron Sheffer wrote:
>> Hi Stef,
>>
>> it looks like the allocation of locked pages is governed by a specific
>> process capability: CAP_IPC_LOCK. Capabilities can be set on the
>> executable at install time:
>>
>> sudo setcap CAP_IPC_LOCK+ep <file>
>>
>> Maybe setting this flag on the daemon at install time will solve the
>> problem (you do NOT have to be fully privileged). Note that this
>> mechanism is very OS/version specific. I tried it successfully on the
>> attached piece of code.
>
> Interesting. So we would set this during install, and then make note for
> distributors to try and keep this somehow? But I'm not sure how well
> these caps work in tarballs and packages (ie: debs and rpms).
>
> Thanks for discovering this, but is there a second solution?
>
> Cheers,
>
> Stef
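Option 1 above, as an added C example that is not from the thread or from gnome-keyring: a process started setuid-root keeps only CAP_IPC_LOCK, gives up root and every other capability, and then probes mlock() to show what the remaining capability buys. It uses raw capget/capset through <linux/capability.h> (assumed present; no libcap), and the 4K/64M probe sizes are made up.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw capget/capset so there is no libcap dependency; the v3 API uses two 32-bit words per set. */
static struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
static int caps_get(struct __user_cap_data_struct d[2]) { return syscall(SYS_capget, &hdr, d); }
static int caps_set(struct __user_cap_data_struct d[2]) { return syscall(SYS_capset, &hdr, d); }
/* Word `idx` (0 or 1) of this process's effective capability set; 0 on error. */
unsigned effective_caps_word(int idx) {
    struct __user_cap_data_struct d[2];
    if (idx < 0 || idx > 1 || caps_get(d) != 0) return 0;
    return d[idx].effective;
}
int has_effective_ipc_lock(void) {
    return (effective_caps_word(CAP_TO_INDEX(CAP_IPC_LOCK)) & CAP_TO_MASK(CAP_IPC_LOCK)) != 0;
}

/* Option 1: keep CAP_IPC_LOCK if the process holds it, give up root and every other capability.
 * Harmless when run unprivileged, since the sets are then already empty. */
int retain_only_ipc_lock(void) {
    struct __user_cap_data_struct d[2], keep[2] = {{0}};
    int idx = CAP_TO_INDEX(CAP_IPC_LOCK);
    if (caps_get(d) != 0) return -1;
    keep[idx].permitted = keep[idx].effective = d[idx].permitted & CAP_TO_MASK(CAP_IPC_LOCK);
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;         /* keep permitted across setuid */
    if (setresuid(getuid(), getuid(), getuid()) != 0) return -1;     /* setuid-root -> the real user */
    return caps_set(keep);                                            /* everything else is gone */
}

/* mlock `len` bytes of fresh anonymous memory; returns 0 or errno. Without CAP_IPC_LOCK a
 * request beyond RLIMIT_MEMLOCK fails with ENOMEM (EPERM if the limit is 0). */
int try_lock_pages(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return errno;
    int rc = mlock(p, len) == 0 ? 0 : errno;
    if (rc == 0) munlock(p, len);
    munmap(p, len);
    return rc;
}

int main(void) {
    printf("before: CAP_IPC_LOCK=%d\n", has_effective_ipc_lock());
    retain_only_ipc_lock(); /* what a setuid-root daemon would do first thing at startup */
    printf("after: CAP_IPC_LOCK=%d mlock(4K)=%d mlock(64M)=%d\n", has_effective_ipc_lock(),
           try_lock_pages(4096), try_lock_pages(64u << 20));
    return 0;
}
```

Run it once plain and once after `sudo setcap cap_ipc_lock+ep ./a.out` (or installed setuid-root) to see the 64M lock flip from ENOMEM to 0 while every other capability stays dropped.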

