[Info-vax] VMS - Virtual Terminals - A security risk way back yonder OR was that an Old Wives Tale ?
Michael Moroney
moroney at world.std.spaamtrap.com
Thu Feb 11 11:12:42 EST 2016
IanD <iloveopenvms at gmail.com> writes:
>Anyhow, I got to thinking about how in one place I worked, we had VMS
>virtual terminals but that after a few months, they were taken away and
>when-ever anyone enquired about there reinstatement, the security trump
>card was pulled out and the system manager 'dealer' always won that
>conversation / deal
>It got me thinking, was that an old wives tale back then (probably VMS
>version 5 ??? can't remember to be honest) or were there really issues
>with virtual terminals and people connecting in and getting onto someone
>else's disconnected session? (that was the excuse used to curtail virtual
>terminals)
Virtual terminals are still around. They were great with flaky dialup
lines, However, virtual terminals don't work with SSH, DECnet (SET HOST),
DECterms and maybe not telnet (unsure). So they see little use now.
To reconnect to one, you have to log in again. If there was a
disconnected session, you'd be asked if you wanted to reconnect to
it/one of them. Normal VMS privileges would apply, so I think in
theory it may be possible for someone to set the protection of
their virtual terminal to allow someone else to access it, and then
a little program to connect to it. Also, you don't want to use them
for a group account, since if one user gets disconnected, another user
(using the same login) can grab it.
You need to know the login to an account to be able to accesss a VT
belonging to that account, barring the possible protection mucking I
mentioned.
The underlying protocol (LAT, hardware etc) could itself be subject to
packet sniffing or whatever, but that's not a flaw with virtual terminals
itself. If there was a security issue bug way back when, it was almost
certainly long fixed.
I'd think they would be useful again for flaky networks and SSH, however
SSH is a complicated can of worms with a sort of tunnel, it's not a simple
terminal data connection, so it may not be possible to get VTs to work
with SSH,
More information about the Info-vax
mailing list