Thanks Gary. Reading through the 1.1 Design doc for validated execution, it's clear that there is a bit of interaction between these two projects. At the very least mmapfd(2) or more likely mmapobj(2) will need to be added to Section 2 along with the following block diagram.
I don't see anything in mmapfd that would conflict with valex but valex would have to add some logic to mmapfd to call signedexec_validate(). Since other binaries, such as Java will not be mapped via mmapfd, the mmap modifications for PROT_EXEC still seem necessary. I was hoping that they could be eliminated, but that does not appear to be the case. --Mike On Thu, 2008-04-03 at 16:32 -0800, Gary Winiger wrote: > When I extended the timer yesterday it was for two reasons. I should have > mentioned them. First was the interface name that had not converged. > The second was that there seemed to be some possible interactions between > mmapfd and validated execution and I wanted to ask both project teams to > take a quick look at the other project to see if some alignment might > be needed? > > Please consider this a request to both projects. > > Thankx, > Gary.. >
