> Checkout chflags and what these offer.  It is possible to *stop*
   > people modifying the kernel, /etc/rc*, in multiuser mode already.
   
   > For proof of this, create a file in /tmp, set the schg flag and try
   > remove the file.  Try rebooting, and see what happens when something
   > tries to remove it whilst cleaning /tmp on reboot.
   
       142: touch /tmp/foo
       143: chflags uchg /tmp/foo
       144: rm -f /tmp/foo
       rm: /tmp/foo: Operation not permitted
       145: mv -f /tmp/foo /tmp/bar
       mv: rename /tmp/foo to /tmp/bar: Operation not permitted
       146: touch /tmp/xx
       147: mv -f /tmp/xx /tmp/foo
       mv: rename /tmp/xx to /tmp/foo: Operation not permitted
   
   So far so good.  But....
   
       148: chflags nouchg /tmp/foo
       149: rm /tmp/foo
       150: ls /tmp/foo
       ls: /tmp/foo: No such file or directory
   
   I didn't try the super-user version so may be this hole is filled.
   [Besides, it does say this call is under development:-)]
   
   Any way, I have said what I wanted to on this topic so I
   will shut up now.
   

what was your securelevel for this ?  if it was > 0, then this is
a security bug that should have been fixed a long time ago.

.mrg.