Subject: Re: trusted BSD?
To: Simon Gerraty <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 08/08/2005 11:15:11

On Sun, Aug 07, 2005 at 09:50:37PM -0700, Simon Gerraty wrote:
> I'm actually looking at using verified exec to associate capabilities
> with certain apps - I'm already doing that now in a crude manner.
> It avoids needing to implement extended attributes, and since I
> digitally sign the manifest that verified exec is loaded from, I can
> trust the association.

I think this is the wrong way to go. I think that it would be much better
to associate systrace policies with executables using verified exec, as
we discussed some months ago -- and this avoids adding another bag on the
side of the system that largely duplicates what systrace can do.

Thor Lancelot Simon email@example.com
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky