> I think a far simpler, and hence better, solution would be to have
> init run a separate /etc/rc.secure script after increasing the
> securelevel.
> 
> While we're at it, we could have init run /etc/rc.shutdown when making
> the transition from multi- to single-user.

now we're getting somewhere!  this makes a lot of sense :).  as people
have pointed out, there are quite a few programs (sendmail and sshd,
for example) that don't necessarily need to get started until after
the machine is "secure"...

this gets my vote!  :)

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."