On Mon, Aug 7, 2017 at 12:34 PM, Kees Cook <keescook@google.com> wrote:

(To be clear, this subthread is for dealing with _future_ changes; I'm
already preparing the revert, which is in the other subthread.)

On Mon, Aug 7, 2017 at 12:26 PM, Kostya Serebryany <kcc@google.com> wrote:
> Oh, a launcher (e.g. just using setarch) would be a huge pain to deploy.

Would loading the executable into the mmap region work?

This is beyond my knowledge. :(

Could you explain?

If we can do this w/o a launcher (and w/o re-executing), we should try.

We could find
a way to mark executables that want this treatment.

--
Kees Cook
Pixel Security