Subject: Re: solving various bug reports...
To: None <perry@piermont.com>
From: Andrew Brown <codewarrior@daemon.org>
List: tech-security
Date: 06/26/1997 23:44:07
> From: Perry E. Metzger
>
>>Andrew Brown writes:
>> >securelevel doesn't change until after init is done with rc.
>> 
>> that's very true, but you're only talking about a fraction of a
>> second.  that's not even long enough for you to log in locally via
>> 100base-t and do *anything*.
>
>It is still ugly -- there may be things you can manage to do to the
>inetd in that fraction that aren't good...

i thought about it and i've even given that the attacked system was
stupid and had r-services turned on and root had "+ +" in his or her
.rhosts file.  that way all the attacker has to do is

   rsh dingbat.bonehead.com chflags noschg file

and that would be it.  i *STILL* don't think it would work.  so how's
about this for a silly solution: if an /etc/inetd.conf file exists (it
may not if you really don't want any inet services), *INIT ITSELF*
runs inetd after it changes the securelevel.  not rc, not rc.local,
nothing runs it but init.  and then init can have the (optional) side
job of making sure it stays running.  that way you can't possibly
lose.

:P

you could probably get it to do this anyway by adding something goofy
to /etc/ttys...  :)

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."