[Info-vax] SAMBA and Ransomeware

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Mon Jul 17 14:06:18 EDT 2017


On 2017-07-17 17:16:51 +0000, Scott Dorsey said:

> Stephen Hoffman  <seaohveh at hoffmanlabs.invalid> wrote:
> 
>> Our app designs stink, and the OpenVMS APIs are really primitive, but 
>> I digress.
> 
> I claim that the primitive APIs are a feature and that when you limit  
> control flow to a small number of simple primitive calls that it makes 
> it much easier to tell what is going on and keep things secure and 
> debugged.

Primitive APIs mean everybody rolls their own stacks atop those 
building blocks, and folks then make different mistakes.   Or sometimes 
make the same mistakes in multiple apps.

I'm currently working with some of the OpenVMS security APIs here, and 
these APIs are particularly bad.  They're gnarly, difficult-to-use, 
easy-to-get-wrong, and can require ongoing maintenance for (for 
instance) the root certificates.   VSI has done some good work moving 
parts of these forward, but there's a whole lot that still needs to be 
implemented in each app, and a whole lot of work with the APIs.   
Because we're not tossing around UDP packets quite as often, and we now 
need to integrate with IPv6, DTLS, DNS and a host of other details.

> As far as the app designs stinking, well, that's true but the standards 
> of the industry in that regard are fearfully low.

Unfortunately that applies to the standards of more than a few OpenVMS 
apps, too.   The OpenVMS guide to system security manual is also 
woefully outdated, but I digress.   Many of the apps I've written 
in past years assumed the local network was secure, rather than 
implementing it.   Times change.  Expectations and attacks change.   
Which leads to apps that work well enough for continued use, but — 
if you were to review them or fuzz them or attack them — those same 
apps might not be considered to be quite as robust.  Apps which might 
need larger investments — and security doesn't get the investments 
often warranted — or app problems might well lead to breaches, or to 
wholesale app, server and/or OS replacements.

>> Again: we can live in and can desire and seek Y2K-era security and 
>> long-term server stability and the rest of the uptime era, or we can 
>> deal with the environment we have now, with the need to deploy patches 
>> more quickly, and prepare for the environment we're clearly headed 
>> toward.
> 
> I think we can have both, by forcing modularity, so that the parts that 
> need constant patching can be constantly patched _without_ affecting 
> the parts that do not.  Modularity and diminished interconnection 
> between modules is where control comes from.

That's containers and sandboxes for now, and a whole lot of work around 
dependency management and app packaging and tools, and migrations for 
the actively-maintained apps.




-- 
Pure Personal Opinion | HoffmanLabs LLC 



