On 24.09-13:48, Darren Spruell wrote: [ ... ] > Oh, that sounds like a recipe for success. > > - Run _arbitrary_ _binary_ application on system. Intend to use policy > wrapper to restrict to allowed operations.
exactly, if the application cannot run within the defined policies it will not be allowed to run, this is precisely the assurance that some businesses look for. it is, in fact, a process that helps identify poor applications. whether the system is opened up or not depends on the business. > The intentions are great and look good on paper. The reality is a bit > different, as others have pointed out. indeed, i am one of them. and probably as painfully aware of it as any. that is not the point, writing them off wholesale is folly, and suggesting the same can be achieved with current toolsets available is just plain wrong.
