> If there is to be a condition placed on the presence of the ability
> to specify a different init other than /sbin/init because of security
> requirements then that same condition should also be enforced on the
> other questions which can also lead to a security breach (i.e. where
> is the root filesystem).

Yes, though to the list of questions I'd add the boot device and the
kernel name.

> At present, [INSECURE] would seem to control the default value of
> securelevel and whether or not the kernel will execute world writable
> files (lib/libsa/exec.c).

Um, libsa isn't part of the kernel AFAIK; that restriction applies to
the booter.  (I read it as, if you build the bootblocks without
INSECURE, they won't load a kernel whose world write bit is on.)

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B