Did you know that in OpenBSD you (as root of course) corrupt the value of the sysctl kern.securelevel just by issuing the sysctl kern.securelevel=ARBITRARY_VALUE ?
I have yet to check and see if I can stuff or else crazy inside the value when I corrupt it.
I was told by some “in the know” that the data type is a signed int. so no binary data would work in theory.
My guess is it does some check like >= on the data presented to it, thus allowing larger numbers than available system secure levels.
Maybe you will.
Please note that it will always allow a value greater than the current value.