Mailing List Archive

From:: "Theo de Raadt" <deraadt@openbsd.org>
Subject:: Re: kern_pledge, allow sysctl hw.model & hw.cpuspeed
To:: Fabien Romano <fabienromano@gmail.com>, tech@openbsd.org
Date:: Fri, 21 Jun 2024 08:23:11 -0600

Download raw body.

Thread

- 2024-06-21 13:55 Theo de Raadt:
  kern_pledge, allow sysctl hw.model & hw.cpuspeed
2024-06-21 14:16 Stuart Henderson:
kern_pledge, allow sysctl hw.model & hw.cpuspeed
- 2024-06-21 14:23 Theo de Raadt:
  kern_pledge, allow sysctl hw.model & hw.cpuspeed
- - 2024-06-21 20:53 Fabien Romano:
    kern_pledge, allow sysctl hw.model & hw.cpuspeed

Stuart Henderson <stu@spacehopper.org> wrote:

> On 2024/06/20 20:50, Fabien Romano wrote:
> >                                                   while there, I also encounter
> > a mlock(2) in signal-desktop/better-sqlite/sqlcipher. From my understanding this
> > syscall is about wiring page and not about concurrencies.
> 
> they'll be trying to prevent secrets being written to swap (for those
> OS which don't have encrypted swap).

Which is completely dumb, because that is NOT a promise made by the
system call.

I really dislike msync(), because un-restricted use allow a userland
process to overcomit shared resources.  Accidentally and intentionally,
it will cause resource shortage in other running programs.

- 2024-06-21 13:55 Theo de Raadt:
  kern_pledge, allow sysctl hw.model & hw.cpuspeed
2024-06-21 14:16 Stuart Henderson:
kern_pledge, allow sysctl hw.model & hw.cpuspeed
- 2024-06-21 14:23 Theo de Raadt:
  kern_pledge, allow sysctl hw.model & hw.cpuspeed
- - 2024-06-21 20:53 Fabien Romano:
    kern_pledge, allow sysctl hw.model & hw.cpuspeed