[Info-vax] VMS Privileges Versus Linux Capabilities
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Thu Jun 16 20:06:41 EDT 2016
On 2016-06-16 23:03:46 +0000, lawrencedo99 at gmail.com said:
> On Friday, June 17, 2016 at 8:53:18 AM UTC+12, Simon Clubley wrote:
>
>> The difference between the models is that in VMS there's no such thing
>> as a fully privileged image or fully privileged user at least in the
>> sense that is meant under Unix so you don't have to worry about
>> emulating a root account or suid binaries under VMS.

Any user or installed image with an all-class privilege or any
user-written system service, or any
privileged server application, or any device driver or any execlet, or
any hunk invoked from that context — which can potentially include a
group-writable LOGIN.COM procedure of a privileged user, for instance —
or ... whatever... is still a target, and the associated security needs
to be reviewed. UWSS and drivers and execlets and ACPs, and images
installed with any ALL-class privilege — and other such constructs —
are already or can become fully privileged, with complete system
access. Any code in any inner-mode is fully privileged. Etc.

> Linux also has security options like SELinux or AppArmor. With one of
> these enabled, even running as root will not give you unchecked access
> to the system.

SEVMS was the mandatory access control variant of OpenVMS:
http://h71000.www7.hp.com/openvms/products/sevms/info.html

OpenVMS lacks sandboxes or jails or a BSD-style pledge() mechanism,
among other constructs.

What OpenVMS calls a subsystem identifier — an ACL-based entitlement
for executables — can be quite useful.

--
Pure Personal Opinion | HoffmanLabs LLC