You have ACLs on VMS as well, so you can install a privileged image and restrict
access to it (or any other object for that matter) with ACLs.
But that doesn't keep root from doing
$ SET PROC/PRIV=ALL
$ DELEGATE SYS$SYSTEM:*.*;*
or other stupid things you might come up with. Neither does it protect against
buggy or malicious programs run by root (these need to enable all privileges
first, and you're back to square 1). And PHY_IO allows direct access to hardware
without going through the usual filesystems or even drivers IIRC. So it's
possible in a real OS, just with more safeguards than Linux currently uses
(but that seems to be changing).
Michael
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu