Our Goals


Goal: Modify Unix to make it more resilient against attack

POSIX delineates three things:
Things we cannot (should not) change in Unix
Things we can change in Unix
Things which are... left as undefined/unspecified

But there are also other standards, and "de facto" behaviours ...

We must be careful

Our goals:
1. Do not break the behaviours that programs DEPEND on
2. Change anything else which makes an exploit author cry
3. Insignificant or low performance hit

What follows is a list of such mechanisms...