On Wed, 16 Jun 1999, Simon J. Gerraty wrote:

: Just to clarify, I meant that you could not (by any means) make a file
: executable while the system is running at whatever secure-level turns
: your feature on and you clear execute permissions when a file is
: written to.  It would not need to be single-user, except that you
: cannot lower secure-level once raised so it might as well be
: single-user that you go to to chmod +x.

This brings up an interesting point.  We probably should take features like
this and make them one-way sysctls, so that there isn't too much assumed
about what's in a `securelevel'.  In fact, I'd venture to suggest that much
of the current `securelevel' functionality would be better implemented by
sysctls that are one-way settings (reset only at reboot).

Or, there could be a `securelevel' with exactly two states (0 and 1), where
`0' indicates two-way security switch sysctls, and `1' indicates one-way
settings.

-- 
-- Todd Vierling (tv@pobox.com)