[Info-vax] DECnet Phase IV and VMS code comments

[David Froble]

Simon Clubley wrote:
> The reason I've been asking about DECnet Phase IV recently is
> because I decided to explore it a little bit from the security
> point of view. I didn't expect to find anything major in the
> limited time I allocated for this and sure enough I didn't.
> 
> However, I did find something unusual which while not an obvious
> security issue caused me a little concern because it does raise
> questions about the level of checking in the VMS networking code.
> 
> What I have discovered is that DECnet blindly trusts what it is
> being told about the originating address, even when that information
> cannot possibly be valid. For example, when the target node is 1.1,
> then the target node trusts (and processes) an incoming packet which
> also claims to be 1.1 instead of instantly dropping it.

Without getting into the rest of your post, DECnet can be used for task to task 
communications in the same system.  At least, that's what I remember from the 
dim past while using it on RSTS/E.

So, yeah, node 1.1 getting a connection from another task on node 1.1 should be 
valid.  Now, if DECnet can determine that the connection came from another node, 
(the lack of which seems to be your issue), then such a connection should be 
considered a problem.  Perhaps not for handling the connection, but surely a 
problem with network configuration.

Not sure what you're looking at, I can also use sockets for task to task 
communications on the same system?