Subject: Re: veriexec (Re: CVS commit: src)
To: YAMAMOTO Takashi <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 10/01/2006 12:40:29

YAMAMOTO Takashi wrote:
> do you mean, if the interpreter is under a trusted path?
> isn't it the same for veriexec?

The interpreter is probably under a trusted path. But once executed, the
input it gets (from stdin, for example) is untrusted -- because it's
typed in by a user -- but is under a trusted path because it's
(a solution from the far past used the immutable flag to distinguish
interpreters, then marking them with a process flag meaning "can't read
from stdin", and checking that flag where needed. I believe our way is
much cleaner. :)