Subject: Re: Escaping a chroot jail
To: None <bsieker@rvs.uni-bielefeld.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 07/14/2005 10:46:31
In message <20050714143330.GD9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 10:01:41, Michael Richardson wrote:
>>
>> a) you can build it in. I used to do that regularly.
>> (I tried for a while to get it accepted as a standard device...
>> I take it that this never happened)
>>
>> b) you can load the module before securelevel->1.
>
>Actually, you _must_ load it before. lkm loading is only possible
>in securelevel 0. So you're not effectively running a system with
>lkm support enabled (see lkm(4).)
>
Sure, I understand that. On secure machines, I'm still happier with
the facility non-existent rather than controlled by a mode bit.
Why? For fun, I ran rcorder on my machine. rc.d/securelevel is number
62 in the list. Among the things that precede it are dhclient, racoon,
named, ntpdate, rpcbind, ypserv, cleartmp, nfsd, and nfslocking. Do
you trust all of them? I don't. (And to bring things back to the
context of this discussion, named is one of the programs that normally
runs chrooted, for good and sufficient reason.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
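
[Added example, not part of the original message or of any poster's code.] The rcorder check described in the message above, as a small audit script: it lists every rc.d script ordered before rc.d/securelevel and reports securelevel's position. The function names and the sample ordering are assumptions made for illustration.

```shell
#!/bin/sh
# Audit which rc.d scripts start before rc.d/securelevel.
# Input on stdin: one script path per line in start order, as rcorder(8)
# prints it. On a live system: rcorder /etc/rc.d/* | report

# Print the basename of every script ordered before "securelevel".
# Exit status 0 if securelevel was found, 1 if it never appears in the
# ordering (the caller must not read the list as "everything before it").
pre_securelevel() {
    awk -F/ '
        $NF == "securelevel" { found = 1; exit }
        NF                   { print $NF }
        END                  { exit (found ? 0 : 1) }
    '
}

# Report securelevel's position and the scripts ahead of it.
report() {
    ahead=$(pre_securelevel) || {
        echo "securelevel does not appear in this ordering"
        return 1
    }
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    count=$(printf '%s\n' "$ahead" | grep -c . || true)
    echo "securelevel is number $((count + 1)); $count scripts start before it:"
    [ "$count" -eq 0 ] || printf '%s\n' "$ahead" | sed 's/^/  /'
}

# Constructed sample ordering (not real rcorder output). The first three
# names are taken from the message; the last entry is made up.
SAMPLE='/etc/rc.d/dhclient
/etc/rc.d/racoon
/etc/rc.d/named
/etc/rc.d/securelevel
/etc/rc.d/sshd'

printf '%s\n' "$SAMPLE" | report
```

Everything the report lists runs while kernel modules can still be loaded, so that list is the set of programs that has to be trusted.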