>>> 6. inetd runs before securelevel is raised
>>> ------------------------------------------
>
>>> let's not reinvent the wheel here...after all, what's wrong with
>>> just moving inetd to the very end of rc, right before it prints the
>>> date?
>
>Darren> you still have a race condition.
>
>Darren> securelevel doesn't change until after init is done with rc.
>
>Hmmm... How about having rc raise the securelevel (can't we do this
>already with sysctl(1)?) before running programs that need securelevel
>raised for whatever reason. After rc exits, init can check to see if
>the securelevel is still at 0, and if so, raises it to 1 (in fact, it
>appears to do this already, and the manpage for init(1) suggests that
>rc should raise securelevel if you want a securelevel of 2).

<soapbox>

this is getting silly.  i'm trying not to *add* anything, just move
inetd so that the original functionality exists, but closes the
exploitable window almost completely.  is there anything actually
*wrong* with moving inetd, or are we simply *convinced* that we need
to add to things to make them better?

</soapbox>

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."