From owner-freebsd-hackers  Sat Aug 10 09:38:35 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA07491
          for hackers-outgoing; Sat, 10 Aug 1996 09:38:35 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA07486
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 10 Aug 1996 09:38:33 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id CAA03169; Sun, 11 Aug 1996 02:31:19 +1000
Date: Sun, 11 Aug 1996 02:31:19 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199608101631.CAA03169@godzilla.zeta.org.au>
To: freebsd-hackers@FreeBSD.ORG, j@uriah.heep.sax.de
Subject: Re: kern_mib.c:int securelevel = -1;
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>> Please use INSECURE to be consistent with BSD/OS and NetBSD.  I'm for
>> names in code that are black and white.  The man pages can describe the
>> gray areas in the bugs or caveats section.

>...and make it a default option.  Otherwise, people with typical
>workstations running Xservers will jump at us.  The comment in LINT
>and GENERIC _must_ mention this, or the amount of support replies we
>have to send out will increase drastically.

Have you tried it? :-)  X works fine even at securelevel 2.

However, this is a bug.  Certain opens and ioctls can be used to write
to mounted disks, so they should not work at securelevel >= 1.

Bruce