Bugtraq mailing list archives

Re: /dev/openprom problems - Solaris 1 or Solaris 2


From: scottr () plexus com (Scott Reynolds)
Date: Wed, 29 May 1996 00:06:30 -0500


On Sun, 26 May 1996, Dan Stromberg wrote:

> 5) It makes vastly more sense for Sun (or any other OS development
> team) to spend time on new features, instead of fixing "problems" where
> privileged users "can" crash their own machines (/oh boy!  I get to
> crash a machine I'm responsible for!/).  Consider:
>
>         dd if=/dev/zero of=/dev/dsk/c0t3d0s1.

- There are systems where you could do an analog of this all day long and
  never crash.  (Anything based on 4.4BSD shouldn't let you, for example.)

- It is clearly wrong, especially given the potential impact, to work
  around the problem in a manner that only delays the inevitable.

> [...] it is more helpful if one also maintains a sense of where these
> bugs fit into the overall picture, which is: setting up operating
> systems that allow users to get things done.

I think it's obvious that if an intruder can find a way to chmod +r
/dev/openprom (or chown it to their uid), the system will potentially not
allow anyone to get anything done.  Far better to remove the back door
than to board it up, figuratively speaking.

--scott


