Subject: Re: Getting rid of /dev/veriexec
To: None <joerg@britannica.bec.de>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 12/02/2005 18:44:06
joerg@britannica.bec.de wrote:

> Think of FreeBSD/DF jail. It is not esoteric at all.

Well I certainly hope NetBSD is not going to import jail.

What difference does it make, security-wise, if /dev/veriexec
exists or not?

Would it not be better to use some kind of capabilities to
assign "can view Veriexec settings" vs. simply having the
device or not..?

-e.

-- 
Elad Efrat