Subject: | |
From: | |
Reply To: | |
Date: | Thu, 1 Nov 2001 16:12:45 -0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
donna puzzles over alien operating systems:
> > You generally don't want your raw disk partitions and kernel
> > memory globally readable.
>
> my who-zles and what-zles? :-) then what would you suggest for a
> permission?
> 711? - d
Everything under /dev (on a Unix machine) needs to have a very specific and
individual security setting, so there's just no way to come up with any sort
of all-purpose security permissions.
Entries in the /dev directory are how the operating system itself accesses
things like your disk drives, so if you can read all the device files under
/dev, then you can read any byte on any disk accessible by the system, and
heaven help you if you give people write access, since they can then erase a
disk drive instantly or do anything else they feel like.
And /mem and /kmem *are* all the RAM memory on the machine.
Basically the things in /dev are direct links to all of the *hardware* of
the machine, and if you have access to a device file, then you are a god of
that piece of hardware. It's only the permissions bits on these files that
stop every user from having total hardware-level access to the machine.
On MPE it's *generally* not a problem because MPE does not use /dev for the
operating system's access to hardware the way Unix does, so most systems
don't have dangerous files here. But I think some MPE systems may have /dev
files pointing to things like SCSI pass-through drivers that allow
diagnostics and control programs to send arbitrary SCSI bus transactions for
the purpose of controlling disk arrays, tape libraries, and the like.
G.
--
"Oh great! Another quote that could be picked up and used as a signature
tag line. Thanks a lot!" -- Denys
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|