[Info-vax] DCL vulnerability write up on The Register
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Sun Feb 18 09:51:20 EST 2018
In article <p6c20f$jje$1 at dont-email.me>, Simon Clubley
<clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
> So basically, when you combine the two bits together, a bug in the CDU
> parser, combined with a lack of proper checking in DCL, has basically
> allowed any interactive user with shell access to totally compromise
> a VAX or Alpha system since the mid 1980s.
>
> IMHO, things simply should not be that fragile.
True. However, apparently no-one ever did compromise a system in the
way you describe. Maybe because all who were in a position to do so
were wearing white hats?
More information about the Info-vax
mailing list