lightdm-gtk-greeter-team team mailing list archive

[Pavel Timofeev <timp87@xxxxxxxxx>]

Pavel Timofeev has proposed merging lp:~timp87/lightdm-gtk-greeter/opt-mem-lock into lp:lightdm-gtk-greeter.

Commit message:
Provide an ability to turn off memory locking in LightDM GTK+ Greeter.

Requested reviews:
  LightDM Gtk+ Greeter Development Team (lightdm-gtk-greeter-team)

For more details, see:
https://code.launchpad.net/~timp87/lightdm-gtk-greeter/opt-mem-lock/+merge/373117

LightDM has had the same option since 2012.
Turning off that option in LightDM hardly makes sense if a greeter locks memory unconditionally.
This may be useful on platform where amount of memory a user may lock is limited and/or there is no swap at all.

More thoughts about mlockall(2) in LightDM GTK+ Greeter (and probably in LightDM):
- Why the code doesn't check if mlockall(2) was successful? If not swapping a password really matters then it definitely should do check returned value and do something with that, like exitting or logging an error at least. I hit this on FreeBSD, for example, mlockall was failed, but the LightDM GTK+ Greeter code run further coredumping eventually.
- Why actually mlockall(2) to lock *all* memory? Isn't it more appropriate to lock only those pages that hold user sensitive information (password, anything else?). Do we need all that code in memory all the time? What for?
-- 
Your team LightDM Gtk+ Greeter Development Team is requested to review the proposed merge of lp:~timp87/lightdm-gtk-greeter/opt-mem-lock into lp:lightdm-gtk-greeter.

=== modified file 'data/lightdm-gtk-greeter.conf'
--- data/lightdm-gtk-greeter.conf	2018-03-15 00:29:41 +0000
+++ data/lightdm-gtk-greeter.conf	2019-09-24 08:50:01 +0000
@@ -39,6 +39,7 @@
 # Security:
 #  allow-debugging = false|true ("false" by default)
 #  screensaver-timeout = Timeout (in seconds) until the screen blanks when the greeter is called as lockscreen
+#  lock-memory = True to prevent memory from being paged to disk
 #
 # Template for per-monitor configuration:
 #  [monitor: name]
@@ -63,3 +64,4 @@
 #reader=
 #position=
 #screensaver-timeout=
+#lock-memory=

=== modified file 'src/greeterconfiguration.h'
--- src/greeterconfiguration.h	2018-03-15 00:29:41 +0000
+++ src/greeterconfiguration.h	2019-09-24 08:50:01 +0000
@@ -18,6 +18,7 @@
 #define CONFIG_KEY_INDICATORS           "indicators"
 #define CONFIG_KEY_DEBUGGING            "allow-debugging"
 #define CONFIG_KEY_SCREENSAVER_TIMEOUT  "screensaver-timeout"
+#define CONFIG_KEY_LOCK_MEMORY          "lock-memory"
 #define CONFIG_KEY_THEME                "theme-name"
 #define CONFIG_KEY_ICON_THEME           "icon-theme-name"
 #define CONFIG_KEY_CURSOR_THEME         "cursor-theme-name"

=== modified file 'src/lightdm-gtk-greeter.c'
--- src/lightdm-gtk-greeter.c	2018-03-15 00:29:41 +0000
+++ src/lightdm-gtk-greeter.c	2019-09-24 08:50:01 +0000
@@ -2749,7 +2749,8 @@
     GtkIconTheme    *icon_theme;
 
     /* Prevent memory from being swapped out, as we are dealing with passwords */
-    mlockall (MCL_CURRENT | MCL_FUTURE);
+    if (config_get_bool (NULL, CONFIG_KEY_LOCK_MEMORY, TRUE))
+        mlockall (MCL_CURRENT | MCL_FUTURE);
 
     g_message ("Starting %s (%s, %s)", PACKAGE_STRING, __DATE__, __TIME__);