On Mon, Sep 14, 2009 at 7:12 PM, vitamin <wineforum-user@xxxxxxxxxx> wrote: > > Yang Zhang wrote: >> Being a userspace process doesn't mean you can't prevent a process from making syscalls. > > And how do you propose to do that? What can stop "int 0x80" from appearing in the app's code? You can stop "int 0x80" from appearing in the code by using a technique known as binary rewriting. This is used in VMWare, for instance. But that's not the only way to effectively prevent the OS from taking syscalls from a process. http://lwn.net/Articles/332974/ http://dev.chromium.org/developers/design-documents/sandbox http://research.microsoft.com/apps/pubs/?id=72878 http://code.google.com/p/nativeclient/ http://plash.beasts.org/wiki/ComparisonWithOtherSystems -- Yang Zhang http://www.mit.edu/~y_z/
