Re: [patch 11/54] mm: introduce memfd_secret system call to create "secret" memory areas

On Wed, Jul 7, 2021 at 6:08 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> From: Mike Rapoport <rppt@xxxxxxxxxxxxx>
> Subject: mm: introduce memfd_secret system call to create "secret" memory areas
>
> Introduce "memfd_secret" system call with the ability to create memory
> areas visible only in the context of the owning process and not mapped not
> only to other processes but in the kernel page tables as well.

Am I missing something?

From what I can't tell, this must not be enabled for regular users,
because the secret mapping is effectively mlock'ed into the address
space.

But there does not seem to be any permission checks or any limits, so
this looks like a trivial way for a bad user to force the kernel to
run out of memory.

So this looks entirely unacceptable.

Please tell me what I'm not getting...

             Linus


