[Info-vax] Opportunity for VSI?
johnson.eric at gmail.com
Mon Dec 17 18:40:41 EST 2018
On Monday, December 17, 2018 at 8:41:51 AM UTC-5, Simon Clubley wrote:
> One more thing in addition to that above extensive list of yours.
>
> It's well known what I think of certain parts of VMS security, but
> what do _you_ think with your clear exposure to a wide range of other
> technologies?
>
> For you, what parts of VMS security would stand out to an outsider as
> "well, that _really_ needs fixing" and what parts come across as
> "well, that's not too bad."

I'm not much of a security expert. But I do believe there will be a
multitude of exploits should anyone really start to dig. The belief that
the low CVE count is a measurement of security quality is deeply
misguided.

I regard Linux and Windows as _more_ secure mainly because they
have a community of well-respected folks who discover issues and
there are processes in place to catalog and prioritize those fixes.

In that sense, the VMS space is deeply immature. There is neither
a community nor a process.

As for security areas I'd think about... I've always wondered what
might happen if you take well-formed RMS indexed files, and then
corrupt them. And then ask DCL and the underlying
routines to deal with them. I would imagine there is a good possibility
that this will suss out some unexpected stack corruptions. Don't some
of those underlying mechanisms make use of executive mode and
supervisor mode? Are there mistakes along a pathway of stack
corruption to exploit? I have no idea... maybe?

I suspect a similar issue might exist with the LBR$ facility. I mention
this one because I remember a time where we had code that would
attempt to read an LBR file which was compressed - but we used a
thread that didn't have enough stack... and hilarity ensued with
crashes. Now, perhaps there are no mismanaged privs to exploit there.
I don't know.

> Are there any parts of VMS security which appear to you to still be
> leading the other operating systems?

I do like the overall notion of ACLs at the file level. ACL handling with
NFS is utterly terrible. And I have never found a Linux admin who could
actually make ACLs and NFS or the like actually work across a large
fleet of boxes. It was always very fragile.

But is the ACL design safe enough? Dunno.

My immediate concern for VMS is less the security issues - and more
addressing the long-standing networking performance issues. The
latency buried in the IP stack and the monolithic locks such as IOLOCK8
that protect their interrupt mode operations are a source of pain - both
for performance and scaling.

Perhaps some of this will be addressed with VCI 2.0.

But all of this takes a back seat to the underlying business problem.
x86 has to be shipped and people gotta buy it. Ain't no future
without that.

EJ