Subject: The reason for securelevel
To: None <tech-security@NetBSD.org, tech-kern@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 01/25/2006 22:36:42
The reason we have securelevel is for *assurance*.  Theoretically, we 
don't need it; after all, we could set up our systems so that only root 
can do certain things, and all we have to do is keep the bad guy from 
becoming root.

Of course, as we've learned, that's easier said than done.  They do 
crack root, with depressing regularity.  Securelevel is the extra 
protection for certain systems.  Doing things that weaken that 
protection is a bad idea.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb