
Re: Which package is responsible for setting rlimits?



On Mon, 01 Feb 2021 at 09:54:56 -0800, Russ Allbery wrote:
> Simon McVittie <smcv@debian.org> writes:
> > The wider context here is that gnome-keyring-daemon, GNOME's
> > implementation of the org.freedesktop.Secrets interface, is currently
> > setcap cap_ipc_lock=ep so that it can mlock(2) secrets and stop them
> > from getting swapped out.
> 
> Does this serve any useful purpose?

Honestly, probably not, but removing security hardening (however dubious)
is a regression, and if I remove it I'm sure there'll be a CVE ID on the
way shortly.

> If someone cares about this type of
> security, they should put swap on an encrypted file system

Sure, you know that, and I know that, but existing systems don't have it.

    smcv
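
Added example, not part of the message above and not gnome-keyring's code: a C program showing how a secrets daemon running without cap_ipc_lock can attempt mlock(2) within whatever RLIMIT_MEMLOCK it was started with, and report why locking failed instead of aborting. The names `secret_alloc`, `secret_free`, `classify_mlock_errno` and the `lock_status` enum are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

enum lock_status { SECRET_LOCKED, SECRET_OVER_RLIMIT, SECRET_NO_PRIVILEGE, SECRET_OTHER_ERROR };

/* Map an mlock(2) errno to the cause an administrator can act on. */
enum lock_status classify_mlock_errno(int err) {
    switch (err) {
    case 0:      return SECRET_LOCKED;
    case ENOMEM: return SECRET_OVER_RLIMIT;  /* typically: would exceed soft RLIMIT_MEMLOCK */
    case EPERM:  return SECRET_NO_PRIVILEGE; /* RLIMIT_MEMLOCK is 0 and no CAP_IPC_LOCK */
    default:     return SECRET_OTHER_ERROR;
    }
}

/* Map an anonymous region for a secret and try to pin it in RAM.
 * Returns NULL only if the mapping itself fails; *status says whether the
 * pages are locked, so the caller can log that and continue unlocked. */
void *secret_alloc(size_t len, enum lock_status *status) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    *status = classify_mlock_errno(mlock(p, len) == 0 ? 0 : errno);
    return p;
}

/* Wipe the secret, then unlock and unmap the region. */
void secret_free(void *p, size_t len) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    munlock(p, len);
    munmap(p, len);
}

int main(void) {
    struct rlimit rl;
    enum lock_status st = SECRET_OTHER_ERROR;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    void *s = secret_alloc(4096, &st);
    if (s == NULL)
        return 1;
    printf("lock status: %d (0 = locked)\n", (int)st);
    secret_free(s, 4096);
    return 0;
}
```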

