This subsection describes the results of the system call review for calls related to memory management.
The mprotect call may be used to set the protection on a region of memory. The call is implemented in mm/mprotect.c. Linux requires that the new protection be a subset of the maximum protection on the mapping. For anonymous memory or a private copy-on-write mapping of a file, the maximum protection allows all accesses. For a shared mapping, the maximum protection always allows read and execute access but only allows write access if the file is open for writing.
Flask ensures that mprotect cannot be used to increase the current protection on memory-mapped files beyond what the security policy authorizes. Flask should also control the ability to execute anonymous memory. A new permission, checked against the SID of the process, could be introduced to control whether that process is allowed to execute anonymous memory.
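As an added illustration of the Linux maximum-protection rule described above (example code, not part of the report or of the Flask implementation), this program maps one page of a constructed scratch file under /tmp three ways and records whether the kernel permits an mprotect upgrade from read-only to read-write; the file path, the PAGE constant and the function names are assumptions.

```c
/* Added example (not from the report): probe the Linux mprotect maximum-protection rule. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define PAGE 4096   /* assumed page size for the scratch file */

/* Map one page of fd read-only with map_flags, then request read+write.
 * Returns 0 if the kernel permitted the upgrade, else the errno it reported. */
static int probe_write_upgrade(int fd, int map_flags)
{
    void *p = mmap(NULL, PAGE, PROT_READ, map_flags, fd, 0);
    if (p == MAP_FAILED) return errno;
    int rc = (mprotect(p, PAGE, PROT_READ | PROT_WRITE) == 0) ? 0 : errno;
    munmap(p, PAGE);
    return rc;
}

/* which: 0 = MAP_SHARED on an O_RDONLY fd   -> EACCES, write exceeds the maximum
 *        1 = MAP_PRIVATE on an O_RDONLY fd  -> 0, private copy-on-write allows all
 *        2 = MAP_SHARED on an O_RDWR fd     -> 0, the file is open for writing
 * Returns the probe's errno (0 = upgrade allowed) or -1 if setup failed. */
int mprotect_probe(int which)
{
    const char *path = "/tmp/mprotect-probe.tmp";   /* constructed scratch file */
    int rw = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (rw < 0) return -1;
    int ro = (ftruncate(rw, PAGE) == 0) ? open(path, O_RDONLY) : -1;
    unlink(path);                  /* the open descriptors keep the file alive */
    if (ro < 0) { close(rw); return -1; }
    int fds[3]   = { ro, ro, rw };
    int flags[3] = { MAP_SHARED, MAP_PRIVATE, MAP_SHARED };
    int rc = (which < 0 || which > 2) ? -1 : probe_write_upgrade(fds[which], flags[which]);
    close(ro);
    close(rw);
    return rc;
}

int main(void)
{
    static const char *label[3] = { "MAP_SHARED/O_RDONLY", "MAP_PRIVATE/O_RDONLY", "MAP_SHARED/O_RDWR" };
    for (int i = 0; i < 3; i++) {
        int rc = mprotect_probe(i);
        printf("%-21s %s\n", label[i], rc < 0 ? "setup failed" : rc ? strerror(rc) : "upgrade allowed");
    }
    return 0;
}
```

The first probe fails with EACCES because a shared mapping of a file opened read-only carries a maximum protection without write access, while the private copy-on-write mapping and the mapping of a descriptor opened for writing both accept the upgrade.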
The mlock and munlock calls may be used to disable and reenable paging for a range of memory. The mlockall and munlockall calls may be used to disable and reenable paging for all pages mapped into the address space of the calling process. These calls are implemented in mm/mlock.c. Linux requires CAP_IPC_LOCK to disable paging, so Flask requires cap_ipc_lock permission. No additional controls seem necessary.