On Sun, 2018-01-21 at 17:21 +0100, Ingo Molnar wrote:
> 
> Because putting something like this into an ELF flag raises the question of who is 
> allowed to set the flag - does a user-compiled binary count? If yes then it would 
> be a trivial thing for local exploits to set the flag and turn off the barrier.

You can only allow *yourself* to be exploited that way. The flag says,
"I'm OK, you don't need to protect me".