On Fri, Feb 26, 1999 at 03:08:06PM -0500, Bill Sommerfeld wrote:
> An interface like this could be very useful for (e.g.) coda and AFS
> servers. 
> 
> (putting on my security geek hat)
> 
> I assume that calls which take a file handle will be restricted to
> root only, securelevel < 2, or thereabouts?

In the spirit of "not allowing permission data to be *modified* at 
securelevel > 1" in which I did the ipf and mount(2) changes, I strongly
suggest that at least some of these calls not be allowed at all at
securelevel 2.

Certainly if we're going to rototill the export code, at securelevel 2
or above, changing the export list should be prohibited.

Thor