Subject: Re: trusted BSD?
To: Simon Gerraty <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 08/08/2005 11:15:11

On Sun, Aug 07, 2005 at 09:50:37PM -0700, Simon Gerraty wrote:
> I'm actually looking at using verified exec to associate capabilities
> with certain apps - I'm already doing that now in a crude manner.
> It avoids needing to implement extended attributes, and since I
> digitally sign the manifest that verified exec is loaded from, I can
> trust the association.

I think this is the wrong way to go.  I think that it would be much better
to associate systrace policies with executables using verified exec, as
we discussed some months ago -- and this avoids adding another bag on the
side of the system that largely duplicates what systrace can do.

 Thor Lancelot Simon

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky