Merge lp:~khurshid-alam/unity-greeter/systemd-240-fix into lp:unity-greeter
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Sebastien Bacher | ||||
Merged at revision: | not available | ||||
Proposed branch: | lp:~khurshid-alam/unity-greeter/systemd-240-fix | ||||
Merge into: | lp:unity-greeter | ||||
Diff against target: |
36 lines (+24/-2) 1 file modified
src/unity-greeter.vala (+24/-2) |
||||
To merge this branch: | bzr merge lp:~khurshid-alam/unity-greeter/systemd-240-fix | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Sebastien Bacher | Approve | ||
Robert Ancell | Approve | ||
Seth Arnold (community) | Approve | ||
Marco Trevisan (Treviño) | Pending | ||
Review via email: mp+362993@code.launchpad.net |
Commit message
According to systemd-dev,
"mlockall() is generally a bad idea and certainly has no place in a graphical program.
A program like this uses lots of memory and it is crucial that this memory can be paged
out to relieve memory pressure."
With systemd version 239 the ulimit for RLIMIT_MEMLOCK was set to 16 MiB
and therefore the mlockall call would fail. This is lucky becasue the subsequent mmap would not fail.
With systemd version 240 the RLIMIT_MEMLOCK is now set to 64 MiB
and now the mlockall no longer fails. However, it not possible to mmap in all
the memory and because that would still exceed the MEMLOCK limit.
"
See https:/
https:/
RLIMIT_MEMLOCK = 64 MiB means, unity-greeter will most likely fail with 64 bit and
will always fail on 32 bit systems.
Removing mlockall() makes sense. It'd be best to replace it with an explicit mlock for the memory that contains the password, and any other memory that may reflect an interaction with the password, as well as use memset_s() or similar standards-level memory clearing functions once the password is no longer needed.
Encrypted swap would also be worthwhile.
But this fix doesn't need to wait for these other mitigations to be put in place.
Thanks