bdonlan: > I don't understand. Anyway, why not fork() and restrict the child?
That is hardly easy or efficient. My point is that I've got this notion of being able to use some capability only by calling a predefined function (ie, the one I posted that accepts user input from the terminal), but I don't know how to translate that into a generic kernel facility. The kernel is concerned with ensuring that the state of the program is acceptable before allowing a capability to be used. For instance, that the predefined function was called normally, instead of jumping into it halfway with a malicious stack.
