der Mouse wrote:

> Heh.  _Real_ machines have PROM passwords so that you-the-sysadmin can
> prevent booting from alternative media by people ignorant of the
> password.  (Remember, not everything runs DOS, either - this _is_
> current-users, not port-i386.)

Hm.  I've seen at least twenty different PCs over the last three years
(admittedly only 3 or 4 PROM vendors though) and as far as I can
remember, most if not all of them did have that kind of lockout.

Of course you can always kill the password if you can get the lid off,
and apparently some PROM vendors have well publicised backdoor
passwords.  Oh well :-)

Seriously though, although I would definitely agree that any normal
multiuser mechanism for subverting securelevel such as procfs
is bad, I'm not sure that I'd ever want to run a supposedly secure
machine with a debugger in its kernel.  Seems wrong somehow ...
-- 
Ronald Khoo <ronald@demon.net> Voice: +44 181 371 1000 Fax: +44 181 371 1150