From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from p5492e61e.dip0.t-ipconnect.de ([84.146.230.30] helo=nanos)
	by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80) id 1fCuRk-0003xA-Mh
	for speck@linutronix.de; Mon, 30 Apr 2018 00:05:28 +0200
Date: Mon, 30 Apr 2018 00:05:28 +0200 (CEST)
From: Thomas Gleixner
Subject: Re: [patch V7 00/15] SBB 0
References: <20180429193045.711908246@linutronix.de> <20180429203542.GC19814@pd.tnic>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de

On Sun, 29 Apr 2018, speck for Thomas Gleixner wrote:
> This is not an Intel/AMD wish and we serve store. We make our own decisions
> and I rather let enterprise admins curse about setting the right bits on
> the kernel command line when they tune their shiny new prctl enabled JVM
> thingy.
>
> Unless someone provides authoritative proof that there is no issue. I'm
> looking forward to that....

Just for the record. I was sceptical about the prctl in the beginning, but
I surely recognize the value.

Though in that early discussion my concerns about the general security
problem for Joe User were mitigated with the argument that sensible stuff
like browsers are going to be covered by seccomp() anyway.

Now the seccomp() thing was given up upon, so the initial question still
stays. And I think it's a legitimate one,

Thanks,

	tglx