Re: Further shmctl() SHM_LOCK strangeness

[Hugh Dickins]

On Wed, 24 Nov 2004, Michael Kerrisk wrote:
> 
> While studying the RLIMIT_MEMLOCK stuff further, I came 
> up with another observation: a process can perform a
> shmctl(SHM_LOCK) on *any* System V shared memory segment, 
> regardles of the segment's ownership or permissions,
> providing the size of the segment falls within the 
> process's RLIMIT_MEMLOCK limit.

That's a very good observation.

I think it's unintended, but I'm not sure.
I've forgotten what can_do_mlock on shm was about.

Offhand I find it hard to grasp whether it's harmless or bad,
but inclined to think bad - if there happen to be lots of small
enough shared memory segments on the system, a series of processes
run by one unprivileged user can lock down lots of memory?

Isn't it further the case that any process can now SHM_UNLOCK
any segment?  That would surely be wrong.

I've added Rik and Chris to the CC list, they seem to be the
main can_do_mlock guys, hope they can answer.

Hugh

> Is this intended behaviour?  For most other System V IPC 
> "ctl" operations the process must either:
> 
> 1. be the owner of the object or have an appropriate 
>    capability, or
> 
> 2. have suitable permissions on the object.
> 
> Which of these two conditions applies depends on the
> "ctl" operation.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/