> > do you mean, if the interpreter is under a trusted path?
> > isn't it the same for veriexec?
> 
> The interpreter is probably under a trusted path. But once executed, the
> input it gets (from stdin, for example) is untrusted -- because it's
> typed in by a user -- but is under a trusted path because it's
> /dev/stdin.
> 
> (a solution from the far past used the immutable flag to distinguish
> interpreters, then marking them with a process flag meaning "can't read
> from stdin", and checking that flag where needed. I believe our way is
> much cleaner. :)

how does "our way" solve it?
is it related to the "direct"/"indirect" distinction?  (it was my original
question.)

YAMAMOTO Takashi