
memfd_secret() in 5.14

Posted Aug 7, 2021 15:26 UTC (Sat) by mb (subscriber, #50428)
In reply to: memfd_secret() in 5.14 by khim
Parent article: memfd_secret() in 5.14

> Or it may refuse to even start. Which is also a valid option

Refusing to start, crashing, or refusing to do other things (e.g. hibernate) is not really a valid option from a UX perspective.

Programmers often tend to assume that it's valid to do such things. "Somebody else will care and clean up after me. Let the user just restart the app. etc...". But it's *not* Ok. People will get frustrated by broken software that crashes or doesn't work as expected. (as in: what the user(!) expects)
Users don't use software for the sake of software, but rather to get actual work done.

I cannot enable memfd_secret(), because I use hibernation.
Distributions cannot enable memfd_secret() by default either, because they have users using hibernation.
Therefore it's a turn-on-by-user security feature. Which is very bad, because people tend to not turn on such features out of fear of breaking something.

memfd_secret() is a useful feature. Even with (encrypted) hibernation. So (at least!) give me the choice to enable it, please. But I'd rather like to see it enabled by default. Even with unencrypted hibernation.


memfd_secret() in 5.14

Posted Aug 7, 2021 15:51 UTC (Sat) by khim (subscriber, #9252)

> Users don't use software for the sake of software, but rather to get actual work done.

True. And they would upgrade (or downgrade) to a certain version of the OS or disable hibernation if that's needed to do their work.

> So (at least!) give me the choice to enable it, please.

Why? If I understand correctly, that feature wasn't designed simply because someone was bored. And the people who developed it want to ensure the kernel would never see or access these pages. They most certainly don't want to see that information stored on HDD or SSD, encrypted or not. Or else the feature would be useless for them.

Why do you think making the feature for some bystander is more important than making it useful for the people who developed it in the first place?

> But it's *not* Ok. People will get frustrated by broken software that crashes or doesn't work as expected. (as in: what the user(!) expects)

If that's not Ok then why are OSes and applications developed around that paradigm (MacOS and Windows, Android and ChromeOS) so much more popular than platforms which are “correct from UX perspective” ones?

Think about it. And no, the answer “they are popular because most users are secret masochists” is wrong.

memfd_secret() in 5.14

Posted Aug 7, 2021 16:17 UTC (Sat) by Wol (subscriber, #4433)

> memfd_secret() is a useful feature. Even with (encrypted) hibernation. So (at least!) give me the choice to enable it, please. But I'd rather like to see it enabled by default. Even with unencrypted hibernation.

Just make it point out to the user - with strong warnings - that it will disable hibernation. You want it, fine. It just needs to be an either/or choice.

Cheers,
Wol

memfd_secret() in 5.14

Posted Aug 7, 2021 16:26 UTC (Sat) by khim (subscriber, #9252)

Isn't it how it's done today?


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds