Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 01/25/2006 21:47:37
On Thu, Jan 26, 2006 at 12:14:50AM +0100, Pavel Cahyna wrote:
> and data on the system". That's why it disables changing of file flags,
> /dev/mem, and mounted disks. ptrace() or coredumps have nothing to do with
> the TCB.

I'll respond to the rest of your message later, but there's one thing here
that's of note.  The reason ptrace() of init is prohibited is expressly
to protect the TCB: attach a debugger to init, and you can yank securelevel
around -- game over.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart
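The point made above, that a debugger attached to a process can rewrite the state that process trusts, can be shown directly. The following is an added example, not code from the thread or from NetBSD: it is written for Linux ptrace(2) (PTRACE_TRACEME / PTRACE_POKEDATA rather than NetBSD's PT_TRACE_ME / PT_WRITE_D), and it uses an ordinary global variable named `securelevel` as a stand-in for the kernel's securelevel, since user code cannot reach the real one. The child plays the role of init and trusts its copy of `securelevel`; the parent plays the debugger and overwrites it before letting the child run. The function name `yank_securelevel` and the value encoding (the child exits with the value it ends up seeing) are assumptions of this example.

```c
/* Added example: a tracer overwriting a variable its tracee trusts.
 * Linux-specific (glibc ptrace API). Build: cc -Wall -o yank yank.c */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the kernel's securelevel (assumption of this example).
 * Global so the tracer knows its address: after fork() the child has the
 * same mapping, so &securelevel is valid in both processes. */
static volatile long securelevel = 1;

/* Runs in the child ("init"): ask to be traced, stop, then report whatever
 * securelevel holds once the tracer resumes us. Exit codes are 8 bits, so
 * the example only uses values 0..255. */
static void tracee(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(100);                 /* tracing not permitted here */
    raise(SIGSTOP);                 /* hand control to the tracer */
    _exit((int)(securelevel & 0xff));
}

/* Runs in the parent ("debugger"): fork a tracee, wait for it to stop,
 * poke new_value into its securelevel, detach, and return the value the
 * tracee reported at exit. Returns -1 if any ptrace step fails. */
long yank_securelevel(long new_value)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        tracee();                   /* never returns */

    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;                  /* PTRACE_TRACEME was refused */

    /* Overwrite one word in the tracee's address space. */
    errno = 0;
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&securelevel,
               (void *)new_value) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }

    /* Resume the tracee with no signal; it now reads the poked value. */
    if (ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* The child starts with securelevel = 1; the tracer lowers it to 0. */
    long seen = yank_securelevel(0);
    if (seen < 0) {
        fprintf(stderr, "ptrace failed (errno %d); is ptrace allowed here?\n", errno);
        return 1;
    }
    printf("tracee started with securelevel=1, tracer set it, tracee saw %ld\n", seen);
    return 0;
}
```

The tracee never executes a store to `securelevel`, yet it exits reporting the tracer's value; nothing in the tracee can detect or prevent this once the attach is allowed. That is the whole argument in the message: if init could be traced, the process that the kernel relies on to hold securelevel steady could have it rewritten from outside, so the attach itself must be refused.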