On Tue, 8 Mar 2016 13:47:55 -0700 Scott Bauer <sba...@eng.utah.edu> wrote:
> This patch adds a sysctl argument to disable SROP protection.

Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC capability I can turn off SROP and attack something to get to higher capability levels? (The way almost all distros are set up it's kind of academic but for a properly secured system it might matter).

Alan