On Tue, Jan 09, 2018 at 01:26:57PM -0800, Andy Lutomirski wrote:
> 2. Turning off PTI is, in general, a terrible idea. It totally breaks
> any semblance of a security model on a Meltdown-affected CPU. So I
> think we should require CAP_SYS_RAWIO *and* that the system is booted
> with pti=allow_optout or something like that.

Uhh, I like that. Maybe also taint the kernel ...

--
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.