[Info-vax] IS everyone waiting?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Oct 20 14:42:06 EDT 2016
On 2016-10-20, David Froble <davef at tsoft-inc.com> wrote:
> Simon Clubley wrote:
>> What if a security issue is discovered next year which affects
>> Alpha VMS as well ?
>
> Hmmm .... "discovered" sort of implies that it's always been there, and is now
> "discovered". I'm guessing that regardless, the Alphas and VMS will still do
> what they did pre-discovery? Perhaps remedial steps could be taken to avoid
> discovered security issues?
>
Situation 1:
A flaw is discovered in a network stack (whether it's TCP/IP, LAT or
DECnet doesn't matter) which allows someone to take down a VMS system
remotely at will by exploiting this flaw in the stack without requiring
any authentication. This network stack is required for your production
operations however and cannot be disabled.
What do you do ?
Situation 2:
A flaw is discovered within the VMS kernel or privileged utilities which
allows a local unprivileged user to elevate their privileges at will.
What do you do ?
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list