Subject: Re: solving various bug reports...
To: None <perry@piermont.com>
From: Andrew Brown <codewarrior@daemon.org>
List: tech-security
Date: 06/27/1997 00:31:33
>> i thought about it and i've even given that the attacked system was
>> stupid and had r-services turned on and root had "+ +" in his or her
>> .rhosts file.  that way all the attacker has to do is
>
>Nope. Not my threat model.

granted.  i was making it up as i went along...

>Lets say there is some random inetd service that happens to be, say,
>gid kmem. You know of an evil buffer overflow in it. Normally, this
>would be worth jack to you, since the system you are attacking is
>above securelevel 0, but by hitting the machine as it reboots, you
>can twizz /dev/kmem in that tiny window with this buffer overflow and
>gain something.

nasty...and equally far fetched...  :)

>Securelevel 1 is a "Defense in Depth" thing. A properly functioning
>machine shouldn't let anyone break in at ANY secure level. By having
>the system at securelevel 1, however, we prevent even people who have
>broken in and gained certain kinds of privs from harming the machine.

okay, assuming your threat model (which is much more *insidious* than
mine :), would the idea of inetd directly after date in /etc/rc be
better (then all /etc/rc has to do is exit) or would it actually be
more palatable to have init start the first instance of inetd after
it's finished mucking with the securelevel?

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."