Multics (was Re: getcwd() and friends.)

[Scott Schwartz]

In article <892 at twwells.uucp>, bill at twwells (T. William Wells) writes:
>In article <4523 at psuvax1.cs.psu.edu> schwartz at shire.cs.psu.edu (Scott Schwartz) writes:
>: I think we need a good dose of Multics: Reading the time should be
>: equivalent to accessing an object in virtual memory.  In fact, the
>: whole operating system system should behave like that, filesystem,
>: system calls, and so on.
>
>Ack, NO! All we need is one rogue pointer and almost ANYTHING can
>happen!
>
>That notion is attractive, but the separation produced by having
>system calls means that a much smaller class of errors is likely to
>do random things to your operating environment.

No, no, no. Multics had an amazing protection scheme!  System calls
are implemented as special places in privliged rings that you are
allowed to branch to.  Touch anything else, and the system returns an
access violation.  The point is that the memory management system
takes care of making sure users are playing by the rules, so that you
don't need to do a context switch as such, possible via an expensive
processor trap.

Think of it this way: in Unix the filesystem has a more general
protection scheme than does the vm system; you can indicate who
(user,group,other) has access to what files, and for what operatons.
Multics has general access control lists.  So at the worst, ignoring
all the good stuff that Multics could do for you, you reduce to Unix.

By the way, are there any Multics sites still in operation out there?
-- 
Scott Schwartz		<schwartz at shire.cs.psu.edu>