Subject: Re: Getting rid of /dev/veriexec
To: None <>
From: Elad Efrat <>
List: tech-kern
Date: 12/02/2005 18:44:06 wrote:

> Think of FreeBSD/DF jail. It is not esoteric at all.

Well I certainly hope NetBSD is not going to import jail.

What difference does it make, security-wise, if /dev/veriexec
exists or not?

Would it not be better to use some kind of capabilities to
assign "can view Veriexec settings" vs. simply having the
device or not..?


Elad Efrat