On Thu, 8 Oct 1998, Greg A. Woods wrote:

> Unless you prevent root from killing processes then a rogue root's going
> to be able to emulate single user mode anyway -- the only difference is
> they'll have to crack the securelevel settings to get very far.

And just how do they do that?

> So long
> as the only way to change securelevel is to raise it (which is the only
> sane way it can be implemented safely) then the rogue root still has to
> go through a reboot() call....

Well, when you make that change to NetBSD, let me know. At this
time, init can lower the securelevel.

> See?  My console reassignment trick hasn't thwarted you in the least...

Not on your imaginary NetBSD system, no. Unfortunately, it has on
the system on downloaded from ftp.netbsd.org.

cjs
--
Curt Sampson  <cjs@portal.ca>  604-257-9400    De gustibus, aut bene aut nihil.
Any opinions expressed are mine and mine alone.
The most widely ported operating system in the world: http://www.netbsd.org