Hi!

> > What I want is "if A can ptrace B, and B has pti disabled, A can have
> > pti disabled as well". Now.. I see someone may want to have it
> > per-thread, because for stuff like javascript JIT, thread may have
> > rights to call ptrace, but is unable to call ptrace because JIT
> > removed that ability... hmm...
>
> No, you don’t want that. The problem is that Meltdown isn’t a problem that exists in isolation. It’s very plausible that JavaScript code could trigger a speculation attack that, with PTI off, could read kernel memory.

Yeah, the web browser threads that run javascript code should have PTI
on. But maybe I want the rest of web browser with PTI off.

So... yes, I see why someone may want it per-thread (and not
per-process).

I guess per-process would be good enough for me. Actually, maybe even
per-uid. I don't have any fancy security here, so anything running uid
0 and 1000 is close enough to trusted.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html