On 01/04/2018 10:49 PM, Willy Tarreau wrote: > On Fri, Jan 05, 2018 at 01:54:13AM +0100, Thomas Gleixner wrote: >> On Thu, 4 Jan 2018, Jon Masters wrote: >>> P.S. I've an internal document where I've been tracking "nice to haves" >>> for later, and one of them is whether it makes sense to tag binaries as >>> "trusted" (e.g. extended attribute, label, whatever). It was something I >>> wanted to bring up at some point as potentially worth considering. >> Scratch that. There is no such thing as a trusted binary. > I disagree with you on this Thomas. "trusted" means "we agree to share the > risk this binary takes because it's critical to our service". When you > build a load balancing appliance on which 100% of the service is assured > by a single executable and the rest is just config management, you'd better > trust that process.
So you want to run this "one binary" as fast as possible and without mitigations in place? But, you want mitigations *available* on that system at the same time? For what? If there's only one binary, why not just disable the mitigations entirely?
