Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-security
Date: 06/25/1997 21:23:33

On Thu, 26 Jun 1997 00:19:51 +0100
 "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu> wrote:

 > >machine that has ddb in the kernel, it's trivial to set the
 > >securelevel to something arbitrary?
 > 
 > Well, you don't need physical access to exploit this bug, AFAICT.

Umm... maybe I'm missing something... but, if you don't have physical
access, how is the presence of DDB going to allow a user to drop the
security level?  (Assuming, of course, that you are referring to the
mere presence of DDB.)

If you don't want to mention it in public, fine... but if a problem like
this exists, I'd like to know about it so it can be fixed.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939