On Nov 18, 2018, at 2:17 PM, Jiri Kosina jikos@kernel.org wrote:
It's probably not just browsers, but anything running JITed sandboxed code. So the most straightforward way might be the prctl() aproach, where userspace would claim "I do care about this, please fix it up for me". So prctl() + perhaps SECCOMP.
Yeah, the prctl() shifts the pain to the right place: folks explicitly opting in. Always-on seemed way too draconian to me.