> I'd love to see a bootable OpenBSD desktop CD with all applications > tightly wrapped by systrace, so I don't need to recreate and redistribute > the boot disk after each new Firefox, GAIM, etc exploit.
It is really unfortunate that I have never seen a perfect systrace policy. Not once. Not even for small programs like ping. People just don't like what system calls libraries do on their behalf. It is really quite depressing. So people end up using systrace to break their applications further.
