Subject: Re: r/o filesystem restrictions for firewall?
To: Andrew Brown <atatat@atatdot.net>
From: Simon Burge <simonb@wasabisystems.com>
List: netbsd-help
Date: 10/25/2000 01:37:40
Andrew Brown wrote:

> theoretical secure level three?  ie:
> 
> no mounting or unmounting of filesystems...
> no loading of ipf or ipnat rules...
> no interface or route changes...
> no opening disk devices, either character or block...
> no time changes at all... (hmm...ntpd...after all, we want good time)
> no setuid() calls or suid effect on programs...

We really want a feature mask (or probably better a security sysctl
MIB with separate knobs to disable these one by one), not an arbitrary
"level".

Simon.
--
Simon Burge                            <simonb@wasabisystems.com>
NetBSD Sales, Support and Service:  http://www.wasabisystems.com/