HP3000-L Archives

November 2001, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Gavin Scott <[log in to unmask]>
Reply To: Gavin Scott <[log in to unmask]>
Date: Thu, 1 Nov 2001 16:12:45 -0800
donna puzzles over alien operating systems:
> > You generally don't want your raw disk partitions and kernel
> > memory globally readable.
>
> my who-zles and what-zles? :-)  then what would you suggest for a
> permission?
> 711?    - d

Everything under /dev (on a Unix machine) needs to have a very specific and
individual security setting, so there's just no way to come up with any sort
of all-purpose security permissions.

Entries in the /dev directory are how the operating system itself accesses
things like your disk drives, so if you can read all the device files under
/dev, then you can read any byte on any disk accessible by the system, and
heaven help you if you give people write access, since they can then erase a
disk drive instantly or do anything else they feel like.

And /mem and /kmem *are* all the RAM memory on the machine.

Basically the things in /dev are direct links to all of the *hardware* of
the machine, and if you have access to a device file, then you are a god of
that piece of hardware.  It's only the permissions bits on these files that
stop every user from having total hardware-level access to the machine.

On MPE it's *generally* not a problem because MPE does not use /dev for the
operating system's access to hardware the way Unix does, so most systems
don't have dangerous files here.  But I think some MPE systems may have /dev
files pointing to things like SCSI pass-through drivers that allow
diagnostics and control programs to send arbitrary SCSI bus transactions for
the purpose of controlling disk arrays, tape libraries, and the like.

G.

--
"Oh great!  Another quote that could be picked up and used as a signature
tag line.  Thanks a lot!" -- Denys
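
An added example, not part of the original message: a Python audit of the point made above, that only the permission bits on device nodes stand between ordinary users and the hardware. The names `classify`, `audit`, `WORLD_OK` and `MEMORY` are hypothetical, and the allowlist of character devices that are normally world-accessible is an assumption to tune per system.

```python
import os
import stat

# Assumption: character devices commonly left world-accessible by design; tune per system.
WORLD_OK = {"null", "zero", "full", "tty", "random", "urandom", "ptmx"}
# Raw memory devices (mem and kmem, as named in the message).
MEMORY = {"mem", "kmem"}


def classify(path, mode):
    """Return a list of findings for one /dev entry, given its st_mode."""
    name = os.path.basename(path)
    is_blk, is_chr = stat.S_ISBLK(mode), stat.S_ISCHR(mode)
    if not (is_blk or is_chr):
        return []                      # directories, symlinks, sockets: not device nodes
    findings = []
    other_r = bool(mode & stat.S_IROTH)
    other_w = bool(mode & stat.S_IWOTH)
    if is_blk or name in MEMORY:
        # Raw disks and memory: any access for "other" exposes every byte.
        if other_r:
            findings.append("world-readable raw device")
        if other_w:
            findings.append("world-writable raw device")
    elif other_w and name not in WORLD_OK:
        # No all-purpose rule exists for the rest, so flag for individual review.
        findings.append("world-writable character device, review")
    return findings


def audit(root="/dev"):
    """Walk root without following symlinks; return {path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for entry in files:
            path = os.path.join(dirpath, entry)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue               # node vanished or cannot be examined; skip it
            found = classify(path, mode)
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    for path, found in sorted(audit().items()):
        print(f"{path}: {', '.join(found)}")
```

A blanket mode such as 711 across /dev would pass this check for disks but would also break devices that must stay world-writable, which is why the rules differ by device type.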
