Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process

From: Woodhouse, David
Date: Sun Jan 21 2018 - 17:23:40 EST


On Sun, 2018-01-21 at 17:21 +0100, Ingo Molnar wrote:
>
> Because putting something like this into an ELF flag raises the question of who isÂ
> allowed to set the flag - does a user-compiled binary count? If yes then it wouldÂ
> be a trivial thing for local exploits to set the flag and turn off the barrier.

You can only allow *yourself* to be exploited that way. The flag says,
"I'm OK, you don't need to protect me".

Attachment: smime.p7s
Description: S/MIME cryptographic signature