On 05/14/2018 05:32 PM, Andy Lutomirski wrote:
On May 14, 2018, at 5:01 AM, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
One thing we could do, though: the current initual state on process
creation is all access blocked on all keys. We could change it so that
half the keys are fully blocked and half are read-only. Then we could add
a PKEY_ALLOC_STRICT or similar that allocates a key with the correct
initial state*and* does the setsignal thing. If there are no keys left
with the correct initial state, then it fails.
The initial PKRU value can currently be configured by the system administrator. I fear this approach has too many moving parts to be viable.
Honestly, I think we should drop that option. I don’t see how we can expect an administrator to do this usefully.
I don't disagree—it makes things way less predictable in practice.
Thanks,
Florian
--
To unsubscribe from this list: send the line "unsubscribe linux-x86_64" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html