There has already been a lot of discussion on this concept on this list (see archives). A major shortcoming of this concept is that some program code may only very seldomly be excuted (error/exception handlers). As such, a pogramm may be killed just because it is gracefully handling an exceptional situation...
Rainer > -----Original Message----- > From: Timothy Demulder [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 04, 2004 9:45 AM > To: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] EFC Released > > On Thu, 04 Mar 2004 11:17:20 +0530 > Balwinder Singh <[EMAIL PROTECTED]> wrote: > > > Dear All, > > > > Execution Flow Control (EFC) is available for download at > > http://sourceforge.net/projects/efc/ > > > > What is EFC? > > > > EFC monitors the execution of a program by observing system > calls made > > by the program. EFC generates a database for each program > describing > > its behavioral model. The moment request for execution of a > program is > > made, kernel also loads program's behavioral model into the memory. > > Each request by a program is compared with model data base, > if request > > agrees with model it is permitted else program is killed. > > > > EFC is a kernel module, and woks on Linux only. > > > > Sincerely > > > > Bal > > Seems very interesting, but how does it affect > performance/stability of the system/kernel? > > Greets, > > Timothy > ---- > > Absolutely nothing should be concluded from these figures except that > no conclusion can be drawn from them. > -- Joseph L. Brothers, Linux/PowerPC Project) > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
