Title of invention: System and method for limiting exploitable or potentially exploitable sub-components in software components
Abstract: Approaches for limiting exploitable or potentially exploitable sub-components in software components are disclosed. In certain implementations, a first software component in the component creation environment may be identified. The first software component may include a first sub-component that provides a function that is exploitable or potentially exploitable to compromise the first software component. The first sub-component may be disabled such that the function provided by the first sub-component is not available via the first software component when the first software component is executed. The first software component may be placed in the component repository after the first sub-component is disabled such that the first software component is placed in the component repository without availability of the function provided by the first sub-component. In some implementations, disabling the first sub-component may comprise removing the first sub-component from the first software component.
Publication number: US9461823(B2)
Publication date: 2016.10.04
Application number: US201514679831
Filing date: 2015.04.06
Applicant: FUGUE, INC.
Inventors: Stella Josha; Zippilli Dominic; Brinkman Matthew
Classification: G06F11/00; H04L9/14; H04L29/06; G06F21/57
Main classification: G06F11/00
Agency: Morrison & Foerster LLP
Agent: Morrison & Foerster LLP
Independent claim: 1. A computer-implemented method of limiting exploitable applications in an operating system instance, the method being implemented by a computer system that includes one or more physical processors executing computer program instructions which, when executed, perform the method, the method comprising: obtaining, by the computer system, at least a first operating system instance, the first operating system instance including a first application that provides a function that is exploitable to compromise the first operating system instance; disabling, by the computer system, prior to the first operating system instance ever being available for use in a runtime environment in which the first operating system instance is to be executed, the first application such that the function provided by the first application will not be available via the first operating system instance when the first operating system is executed in the runtime environment, wherein disabling the first application comprises associating, prior to the first operating system instance ever being available for use in the runtime environment, the first operating system instance with disabling instructions such that the disabling instructions causes availability of the function provided by the first application to be removed from the first operating system instance during a boot-up of the first operating system instance, and wherein associating the first operating system with the disabling instructions comprises inserting, prior to the first operating system instance ever being available for use in the runtime environment, the disabling instructions into the first operating system instance; and causing, by the computer system, the first operating system instance to be executed in the runtime environment after the first application is disabled such that the function provided by the first application is not available for use and is not exploitable to compromise the first operating system instance.
Address: Frederick MD US