[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Nov 9 15:36:29 EST 2016
On 2016-11-09 19:36:17 +0000, John Reagan said:
> ...
> burst has been in the SUBMIT.CLD going as far back as 1992
> ...
Okay. Good to know. Exactly what happened here isn't known. Obviously.
Unfortunately — if the contents of the system are skewed — OpenVMS has
no mechanism to detect such skews, nor to try to determine where those
corruptions arose, nor to resolve the skews.

It would be useful if OpenVMS could do something like verify that an
installation is correct and consistent, that it's not been corrupted or
had malware or a rogue certificate inserted, and that the results of an
OpenVMS upgrade and an install and a sequence of patches all match the
expected results. Bonus points for allowing reinstallation and
recovering a damaged installation to "pristine" without having to
clobber the whole universe of settings and customizations, whether
recovering from a mistake or a bad block or otherwise. Extra bonus
points for adding support to secure the files of the operating system
against all but vendor-authorized and digitally signed modifications,
even from users with BYPASS barring a site-local override by the system
manager. This is all obviously a few steps past the rather limited
capabilities of "secure distribution" as presently implemented, too.
(BTW: much of this already exists on some other operating systems, and
I'm — again — looking at 2021 or 2026 here, where these capabilities
will only be more commonly available.)

I deal with some configurations that verify specific critical files —
the equivalent of connecting into the OpenVMS source code control
system and related databases, and that then performs end-to-end SHA-3
checksums looking for differences — looking for trouble. That's way
past a verb definition or suchlike here and absurd for this specific
CLD case, but — in the more general case — there have been skews
between upgrades and installs and patches in the past and the
ever-popular morass arising from the manual file copies that some
patches have involved, and there have certainly been more than a few
systems that have ended up corrupted or compromised or skewed.

Tying this back to the original part of this thread, executable images
installed with privileges and UWSS images and server images launched
with privileges would all be logical targets for checksumming the file
contents, too. These are the sorts of things that folks want to know,
but often tend to not have the time to implement or perform or verify
the results, and tend to be highlighted in post-crash or post-breach
retrospectives.
--
Pure Personal Opinion | HoffmanLabs LLC
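
An added example, not part of the original post and not OpenVMS or vendor tooling: a minimal sketch of the baseline-and-compare verification the message describes, using SHA3-256 from Python's standard library. The directory layout and file names are constructed stand-ins, and the baseline manifest is assumed to come from a trusted source.

```python
import hashlib
import tempfile
from pathlib import Path


def sha3_file(path, chunk=65536):
    """Stream a file through SHA3-256 so large images are not read whole."""
    h = hashlib.sha3_256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA3-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha3_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, manifest):
    """Compare the tree under root with a baseline manifest and report skew."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def demo():
    """Constructed tree: take a baseline, introduce three kinds of skew, verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sysexe").mkdir()
        (root / "syslib").mkdir()
        (root / "sysexe" / "submit.exe").write_bytes(b"image v1")
        (root / "syslib" / "dcltables.exe").write_bytes(b"tables v1")
        baseline = build_manifest(root)  # assumption: captured at install time
        (root / "sysexe" / "submit.exe").write_bytes(b"hand-copied patch")
        (root / "syslib" / "dcltables.exe").unlink()
        (root / "sysexe" / "extra.exe").write_bytes(b"not in any kit")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline: a manifest stored on the same system, writable by the same privileged accounts, detects accidental skew but not deliberate tampering, so it should be held off-host or signed.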