Martin Husemann wrote:
> To be consistent, I think we also should have a sysctl knob that (dis-)allows
> root to ptrace(PT_ATTACH, ...) to suid processes, and forbid changing this
> setting at securelevel >= 1.

Here's an idea I was discussing with a friend the other day...

Because securelevels start to have too many affects, we could have the
knobs separated, and continue to use kern.securelevel as a macro.

So an admin can either go and set kern.securelevel and have consistent
behavior (as it is today), or go and turn on the knobs he's interested;
having a bit of securelevel 2, 1, and -1.

The knobs could all be raise-only (just like kern.securelevel itself).

How's that sound?

-e.

-- 
Elad Efrat