In message <20011018193836.B8908@rek.tjls.com>Thor Lancelot Simon writes
>So what?  

The "so what" is that (looking only at what went to tech-kern) Jason's
fix isn't what you asked for.  If you agree that Jason's patch does
indeed close your sandbox loophole, then we're in synch.

The other issue i've been trying to get at is separate.  I see you as
desiring semantics for PROT_READ vs. PROT_EXEC mappings which I dont
think is very meaningful, because the hardware doesn't acutally
enforce what it'd have to, in order to give the semantics you want.
But we can take that off-line if appropriate.

(I'd prefer this to keep going to both tech-security and tech-kern; it
needs review from both sides.)