On Fri, May 05, 2006 at 08:37:41PM +1000, Jonathan Gray wrote:
>
> Not to mention the whole perl/sh/etc deal which will have to
> exist to allow the system to function, and can run whatever.
>
Not under a correctly configured veriexec. Otto is correct about exploiting a buffer overflow to run code (certainly veriexec won't stop that trick) but I do wonder if it would be possible to enforce a restriction that any executable page must be backed by an on-disk object and how much pain/lossage that would entail.

--
Brett Lymn