Subject: Re: Getting rid of /dev/veriexec
To: None <joerg@britannica.bec.de>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 12/02/2005 18:44:06
joerg@britannica.bec.de wrote:
> Think of FreeBSD/DF jail. It is not esoteric at all.
Well I certainly hope NetBSD is not going to import jail.
What difference does it make, security-wise, if /dev/veriexec
exists or not?
Would it not be better to use some kind of capabilities to
assign "can view Veriexec settings" vs. simply having the
device or not..?
-e.
--
Elad Efrat