HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Appendix A Assigning Privileges

PHY_IO Privilege (All)

The PHY_IO privilege lets the user's process execute the Queue I/O Request ($QIO) system service to perform physical-level I/O operations.

Usually, process I/O requests are handled indirectly by use of an I/O package such as OpenVMS Record Management Services (RMS). However, to increase their control over I/O operations and to improve the efficiency of their applications, skilled users sometimes prefer to handle directly the interface between their process and a system I/O driver program. They can do this by executing the $QIO system service; in many instances, the operation called for is a physical-level I/O operation.

Grant the PHY_IO privilege only to users who need it; grant this privilege even more carefully than the LOG_IO privilege. If this privilege is given to unqualified users who have no need for it, the operating system and service to other users can be easily disrupted. Such disruptions can include the destruction of information on the system device, the destruction of user data, and the exposure of confidential information.

The PHY_IO privilege also lets a process perform the following tasks:

Task Interface

Access an individual shadow-set member unit

$ASSIGN, $QIO

Create or delete a watchpoint

$QIO request to the SMP watchpoint driver (WPDRIVER)

Map an LTA device to a server/port (IO$_TTY_PORT!IO$M_LT_MAPPORT)

$QIO request to a LAT port driver (LTDRIVER)

Issue the following I/O requests:

  • Logical I/O request

  • Logical or virtual I/O request with IO$M_MSCPMODIFS modifier

  • Physical I/O to private, non-file-structured device

$QIO

Modify the following terminal attributes: HANGUP SET_SPEED SECURE_SERVER

SET TERMINAL or the terminal driver (TTDRIVER) /[NO]HANGUP /[NO]SET_SPEED /[NO]SECURE_SERVER

Issue IO$_ACCESS (diagnostic) function to DEBNA/NI device driver

$QIO request to a synchronous communications line (XGDRIVER)

Enable Ethernet promiscuous mode listening

 

Issue IO$_ACCESS (diagnostic) function to Ethernet common driver