Theo de Raadt wrote:
[..]
>> privilege revocation/separation,
>
> split the kernel? huh?

Well, one could do it, but then you end up with a micro-kernel or at least something that passes, and verifies, messages between the components which run in separate subsystems. Having it compartmentalized though still allows one compartment to be taken down and that is usually already good enough to break the system as it tends to involve some critical part that is talking to user-injected messages. It is also very hard to do and because of that most likely adding it will cause more strange bugs than, possibly, exist in the code.

I wonder how long it took CORE to find that recent bug and what avenues they took to find it though; having that, one could look for similar problems which would solve other possible issues. I don't think that will help OpenBSD a lot though, as it is already amazingly secure as has been very well demonstrated: kudos to all the developers who made that possible!

Greets,
 Jeroen

--
if (it.hascode()) it.hasabug();

