Hi! > > What I want is "if A can ptrace B, and B has pti disabled, A can have > > pti disabled as well". Now.. I see someone may want to have it > > per-thread, because for stuff like javascript JIT, thread may have > > rights to call ptrace, but is unable to call ptrace because JIT > > removed that ability... hmm... > > No, you don’t want that. The problem is that Meltdown isn’t a problem that > exists in isolation. It’s very plausible that JavaScript code could trigger a > speculation attack that, with PTI off, could read kernel memory.
Yeah, the web browser threads that run javascript code should have PTI
on. But maybe I want the rest of web browser with PTI off.
So... yes, I see why someone may want it per-thread (and not
per-process).
I guess per-process would be good enough for me. Actually, maybe even
per-uid. I don't have any fancy security here, so anything running uid
0 and 1000 is close enough to trusted.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
