On Thu, Oct 22, 2020 at 01:02:18PM -0700, Kees Cook wrote: > Regardless, it makes sense to me to have the kernel load the executable > itself with BTI enabled by default. I prefer gaining Catalin's suggested > patch[2]. :) [...] > [2] https://lore.kernel.org/linux-arm-kernel/20201022093104.GB1229@gaia/ I think I first heard the idea at Mark R ;). It still needs glibc changes to avoid the mprotect(), or at least ignore the error. Since this is an ABI change and we don't know which kernels would have it backported, maybe better to still issue the mprotect() but ignore the failure. -- Catalin