From owner-freebsd-hackers  Thu Aug  8 01:51:33 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA23078
          for hackers-outgoing; Thu, 8 Aug 1996 01:51:33 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA23070
          for <Hackers@FreeBSD.org>; Thu, 8 Aug 1996 01:51:27 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id SAA28939; Thu, 8 Aug 1996 18:49:04 +1000
Date: Thu, 8 Aug 1996 18:49:04 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199608080849.SAA28939@godzilla.zeta.org.au>
To: bde@zeta.org.au, michaelh@cet.co.jp
Subject: Re: kern_mib.c:int securelevel = -1;
Cc: Hackers@FreeBSD.org, jds@TracerTech.COM
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>BSD/OS and NetBSD are using options INSECURE to switch this feature on and
>off.  I'd also like to have this switch so I don't have to keep patching
>kern_mib.c when I build kernels that use this feature.

>If there are "mile wide" holes in the securelevel stuff we can state that
>the feature is experimental in the man pages.  I still would like to have
>the INSECURE switch added.  Just make it the default in the GENERIC kernel
>so it doesn't change the current default behavior.

The default should not require any options.  The new option could be named
A_LITTLE_BIT_SECURE.

Bruce