> Three things you may wish to look at in NetBSD-current:
>  * verifiedexec - upload fingerprint of binaries that may be executed into
>  the kernel. binaries whose fingerprints do not match cannot be executed.
>    http://netbsd.gw.com/cgi-bin/man.cgi?veriexecctl++NetBSD-current
>    http://netbsd.gw.com/cgi-bin/man.cgi?verifiedexec++NetBSD-current
>  * cgd - disk-based encryption
>    http://netbsd.gw.com/cgi-bin/man.cgi?cgdconfig++NetBSD-current
>    http://netbsd.gw.com/cgi-bin/man.cgi?cgd++NetBSD-current
>   (if you want "users" to encrypt individual files then you probably
>    don't gain much in using tcfs instead of gpg.)
>  * systrace - security policies for individual processes.
>    http://netbsd.gw.com/cgi-bin/man.cgi?systrace++NetBSD-current
>    http://netbsd.gw.com/cgi-bin/man.cgi?systrace+4+NetBSD-current
> Also, -current has a non-executable stack, and other regions, depending
> on what architecture you are using.

Hi.  Sorry to be a pest, but those links don't work.  When I try to open
them I get:
The page you are looking for might have been removed, had its name changed,
or is temporarily unavailable.

Regards

Shane
http://gem.shaneland.co.uk