Subject: Re: Getting rid of /dev/veriexec
To: None <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 12/02/2005 18:44:06
> Think of FreeBSD/DF jail. It is not esoteric at all.
Well I certainly hope NetBSD is not going to import jail.
What difference does it make, security-wise, if /dev/veriexec
exists or not?
Would it not be better to use some kind of capabilities to
assign "can view Veriexec settings" vs. simply having the
device or not..?