On Wed, Jan 25, 2006 at 09:47:37PM -0500, Thor Lancelot Simon wrote:
> On Thu, Jan 26, 2006 at 12:14:50AM +0100, Pavel Cahyna wrote:
> > and data on the system". That's why it disables changing of file flags,
> > /dev/mem, and mounted disks. ptrace() or coredumps have nothing to do with
> > the TCB.
> 
> I'll respond to the rest of your message later, but there's one thing here
> that's of note.  The reason ptrace() of init is prohibited is expressly
> to protect the TCB: attach a debugger to init, and you can yank securelevel
> around -- game over.

Yes, this sounds reasonable.

Pavel Cahyna