On Feb 3, Thor Lancelot Simon wrote
> By the way, I *seriously* question the utility of using file flags to
> "secure" a system.  To get any serious guarantee, every program run
> from rc (or any script it runs) while securelevel is zero must be marked
> schg; also, rc, rc.conf, etc. must be marked schg.  A system set up that
> way is almost as irritating to run as a system with a read-only root fs.
> 

It is :)
You can't do this on all machines, and you need to thing about implications
of managing such a box before doing. But there are situations where it's
possible without much trouble.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--