On Fri, Aug 11, 2017 at 12:33 PM, Tyler Hicks <tyhi...@canonical.com> wrote: > On 08/11/2017 02:17 PM, Kees Cook wrote: >> One thought here: should "kill" be always forced on during a write? >> This flag effectively cannot be disabled, so listing it (or not) in >> the sysctl may be confusing... > > "kill" can be silenced in the current implementation. Lets hammer out > whether or not that's the right thing to do and then we can discuss the > sysctl behavior on write. I don't personally have any concerns about an > admin being able to silence RET_KILL logs but let me know if you are > against it.
Oh right, this is fine. Yeah, as long as the default is to log it (which it is) I'm fine. Thanks! -Kees -- Kees Cook Pixel Security
