"Steven M. Bellovin" <smb@research.att.com> writes:
> Yes and no.  I'm very concerned about the false positive rate -- 
> programs do all sorts of different things, depending on minor 
> environmental changes.

True enough, but this is the tool that will let me say "don't let this
server ever run exec or fork or touch any files other than these two
config files and this log file". It is a powerful weapon. It need not
be used only the way that Niels has used it so far.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/