Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection.
From: One Thousand Gnomes
Date: Tue Mar 08 2016 - 16:01:29 EST
On Tue, 8 Mar 2016 13:47:55 -0700
Scott Bauer <sbauer@xxxxxxxxxxxx> wrote:
> This patch adds a sysctl argument to disable SROP protection.
Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
capability I can turn off SROP and attack something to get to higher
capability levels?
(The way almost all distros are set up it's kind of academic but for a
properly secured system it might matter).
Alan