Bug#472629: linux-2.6: please increase the default RLIMIT_MEMLOCK - Debian


  1. Bug#472629: linux-2.6: please increase the default RLIMIT_MEMLOCK

    Package: linux-2.6
    Version: 2.6.24-4
    Severity: wishlist
    Tags: security

    Hi,

    Currently, the default value for RLIMIT_MEMLOCK (defined in
    include/linux/resource.h) is 32 KiB, because this value is enough for
    GnuPG.

    However this value is not enough for gnome-keyring-daemon, which will
    store both SSH and GnuPG keys, plus user passwords for various kinds of
    resources. Upstream authors recommend providing a limit of at least 256
    KiB for RLIMIT_MEMLOCK for the keys to remain securely in memory.

    Given the amount of memory in current machines, I think 256 KiB is still
    a very reasonable value. Could you please increase the default in the
    kernel?

    Thanks,
    --
    .''`.
    : :' : We are debian.org. Lower your prices, surrender your code.
    `. `' We will add your hardware and software distinctiveness to
    `- our own. Resistance is futile.



  2. Bug#472629: linux-2.6: please increase the default RLIMIT_MEMLOCK

    reassign 472629 libpam-modules
    thanks

    On Tuesday 25 March 2008 at 13:33 +0100, Josselin Mouette wrote:
    > Currently, the default value for RLIMIT_MEMLOCK (defined in
    > include/linux/resource.h) is 32 KiB, because this value is enough for
    > GnuPG.
    >
    > However this value is not enough for gnome-keyring-daemon, which will
    > store both SSH and GnuPG keys, plus user passwords for various kinds of
    > resources. Upstream authors recommend providing a limit of at least 256
    > KiB for RLIMIT_MEMLOCK for the keys to remain securely in memory.
    >
    > Given the amount of memory in current machines, I think 256 KiB is still
    > a very reasonable value. Could you please increase the default in the
    > kernel?


    Looking at the reactions on the LKML, it looks like the kernel
    developers will sooner or later remove this limitation in a way that
    forces distributors to set it in userspace, so we’re better off starting
    to do it right now.

    Which leaves pam_limits.so and its configuration
    file /etc/security/limits.conf.

    Steve, would you agree to start setting this default in the PAM package?

    Cheers,
    --
    .''`.
    : :' : We are debian.org. Lower your prices, surrender your code.
    `. `' We will add your hardware and software distinctiveness to
    `- our own. Resistance is futile.

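The failure mode behind this request, as an added example that is not part of the thread or of any package it discusses: an unprivileged mlock() of 256 KiB is refused while the soft RLIMIT_MEMLOCK is 32 KiB and accepted once the limit is 256 KiB. The helper names limit_allows and lock_under_limit are hypothetical, and the program assumes Linux with glibc.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE             /* for MAP_ANONYMOUS */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define OLD_DEFAULT (32UL * 1024)   /* kernel default cited in the report */
#define RECOMMENDED (256UL * 1024)  /* minimum the report asks for */

/* Pure check: does soft limit `soft` admit locking `need` bytes? */
int limit_allows(rlim_t soft, size_t need)
{
    return soft == RLIM_INFINITY || soft >= (rlim_t)need;
}

/* Set the soft limit to `soft` (capped at the hard limit), then try to lock
 * `need` bytes. Returns 0 on success, -1 if the buffer could not be mapped,
 * otherwise the errno from getrlimit/setrlimit/mlock. A process holding
 * CAP_IPC_LOCK (root, typically) is exempt from the limit and gets 0. */
int lock_under_limit(rlim_t soft, size_t need)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return errno;
    if (soft > rl.rlim_max) soft = rl.rlim_max;
    rl.rlim_cur = soft;
    if (setrlimit(RLIMIT_MEMLOCK, &rl) != 0) return errno;

    void *buf = mmap(NULL, need, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    int rc = (mlock(buf, need) == 0) ? 0 : errno;  /* ENOMEM: over the limit */
    munmap(buf, need);                             /* unmapping also unlocks */
    return rc;
}

int main(void)
{
    int small = lock_under_limit(OLD_DEFAULT, RECOMMENDED);
    int large = lock_under_limit(RECOMMENDED, RECOMMENDED);
    printf("256 KiB under  32 KiB limit: %s\n", small ? strerror(small) : "locked");
    printf("256 KiB under 256 KiB limit: %s\n", large ? strerror(large) : "locked");
    return 0;
}
```

When the limit is set through pam_limits instead, the `memlock` item in /etc/security/limits.conf takes its value in KiB, so the figure requested here is written as 256.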


  3. Processed: Re: linux-2.6: please increase the default RLIMIT_MEMLOCK

    Processing commands for control@bugs.debian.org:

    > reassign 472629 libpam-modules

    Bug#472629: linux-2.6: please increase the default RLIMIT_MEMLOCK
    Bug reassigned from package `linux-2.6' to `libpam-modules'.

    > thanks

    Stopping processing here.

    Please contact me if you need assistance.

    Debian bug tracking system administrator
    (administrator, Debian Bugs database)

