On Mon, Aug 7, 2017 at 12:34 PM, Kees Cook <keescook@google.com> wrote:

> (To be clear, this subthread is for dealing with _future_ changes; I'm
> already preparing the revert, which is in the other subthread.)
>
> On Mon, Aug 7, 2017 at 12:26 PM, Kostya Serebryany <kcc@google.com> wrote:
> > Oh, a launcher (e.g. just using setarch) would be a huge pain to deploy.
>
> Would loading the executable into the mmap region work?


This is beyond my knowledge. :(
Could you explain?

If we can do this w/o a launcher (and w/o re-executing), we should try.



> We could find
> a way to mark executables that want this treatment.
>
> --
> Kees Cook
> Pixel Security
>