On Thu, 2004-08-05 at 08:05, Tobias DiPasquale wrote: > On Thu, 05 Aug 2004 07:35:09 -0500, Les Mikesell <les@xxxxxxxxxxxxxxxx> wrote: > > A more fundamental question: does anyone know why Linux uses > > pseudo devices for networking instead of having real names > > in /dev with associated permissions and inodes connected > > to drivers by major/minor numbers? It seems odd not to > > be able to control access to /dev/tcp by group permisions > > like you can every other device. > > Because network devices aren't easily manipulated using the standard > UNIX "everything is a file" methodology. They are packet-oriented, as > opposed to character- or block-oriented and as such, the normal > read()/write()/close()/etc suite of system calls doesn't make sense > for network devices (therefore, there's no reason to have a /dev file > for them). But it still makes as much sense to require open() to pass the access control restrictions as it does for every other device. > Also, network devices push packets towards the kernel > asynchronously (as far as the kernel's concerned, anyway); > chrdev/blkdev devices do so in response to some kind of request. No > UNIX(-alike) that I know of has /dev files that correspond to network > devices. I've forgotten the details because it was years ago, but I'm sure the last 'real' SysVr4 I used (perhaps Dell's, or AT&T's) had a /dev/tcp or similar device that was opened as a step in opening a socket and subject to the same rules as every other unix device. A local ISP back in the days when people would telnet in to access character-mode email/news, etc. used this to distinguish accounts that could make direct outbound connections from those that could only run programs to access the local mailbox and news spool. I was very surprised when I first saw that Linux omitted such a basic basic security concept of unix (all the magic happens in open()). As far as the network goes, it is the same thing as Lindows/Linspire defaulting to letting everyone run as root. --- Les Mikesell les@xxxxxxxxxxxxxxxx
