On Thu, Apr 21, 2022 at 10:52:52AM -0500, Jeremy Linton wrote: > Or maybe simpler yet, we provide a tool which wipes out the gnu BTI note on > binaries that are found to have BTI bugs, thereby (correctly) fixing the > problem at its source. This is at least presumably doable if we are also > assuming we can update glibc/etc in any environment with the problem. This seems like the most sensible thing if we do find we're running into BTI executables that are incorrectly annotated and difficult to fix - it avoids having to manage any new permissions for bypassing BTI.