kern_pledge, allow sysctl hw.model & hw.cpuspeed
On 21/06/2024 15:23, Theo de Raadt wrote:
> Stuart Henderson <stu@spacehopper.org> wrote:
>
>> On 2024/06/20 20:50, Fabien Romano wrote:
>>> while there, I also encounter
>>> a mlock(2) in signal-desktop/better-sqlite/sqlcipher. From my understanding this
>>> syscall is about wiring page and not about concurrencies.
>>
>> they'll be trying to prevent secrets being written to swap (for those
>> OS which don't have encrypted swap).

Indeed, after a second look:

Unless compiled with OMIT_MEMLOCK attempts to lock the memory pages so sensitive information won't be swapped

> Which is completely dumb, because that is NOT a promise made by the
> system call.

I clearly don't understand enough all the mmap related stuff.
I was thinking mlock() was about performance. So it may swap?
This one is using its own malloc implementation.
The way it calls mmap is ... no comment.
I disable mlock() but then I may try to bring MAP_CONCEAL in long term plan.
Is there something else to use regarding sensitive information?

> I really dislike msync(), because un-restricted use allows a userland
> process to overcommit shared resources. Accidentally and intentionally,
> it will cause resource shortage in other running programs.

Thanks pledge() exists :)
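
An added example, not code from this thread or from sqlcipher: a small C allocator for secret buffers that requests MAP_CONCEAL (the flag mentioned above, which on OpenBSD keeps the mapping out of core dumps) instead of calling mlock(), and wipes the buffer before unmapping. The function names are hypothetical, and the MADV_DONTDUMP fallback for Linux builds is an assumption added so the same code compiles off OpenBSD.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes MAP_ANON and madvise() on glibc */
#endif
#include <stddef.h>
#include <sys/mman.h>

/* Hypothetical helper names; not taken from sqlcipher or signal-desktop. */

/* Returns 1 when the build target offers MAP_CONCEAL (OpenBSD), else 0. */
int secret_has_conceal(void)
{
#ifdef MAP_CONCEAL
    return 1;
#else
    return 0;
#endif
}

/* Map len bytes of zero-filled anonymous memory for secrets.
 * Returns NULL on failure or when len is 0. No mlock() is used. */
void *secret_alloc(size_t len)
{
    int flags = MAP_PRIVATE | MAP_ANON;
#ifdef MAP_CONCEAL
    flags |= MAP_CONCEAL;        /* OpenBSD: exclude mapping from core dumps */
#endif
    if (len == 0)
        return NULL;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
#if !defined(MAP_CONCEAL) && defined(MADV_DONTDUMP)
    /* Assumption for Linux builds: best-effort core dump exclusion. */
    (void)madvise(p, len, MADV_DONTDUMP);
#endif
    return p;
}

/* Overwrite the secret, then unmap. Returns 0 on success, -1 on error. */
int secret_free(void *p, size_t len)
{
    volatile unsigned char *v = p;   /* volatile: keep the wipe from being elided */
    if (p == NULL || len == 0)
        return -1;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    return munmap(p, len);
}
```

Core dump exclusion is a separate property from swap behaviour, so this does not replace encrypted swap.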