[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Thu Jan 4 13:56:21 EST 2018
On 2018-01-04 18:28:09 +0000, Simon Clubley said:
> On 2018-01-04, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> (and then there's that OpenVMS RCE I've been sitting on for a couple of years),
>
> Have you considered forcing the issue with that one ?
To what end? VSI is clearly already flat out. I've intentionally not
commented on the details of the supervisor-to-privileges path, either.
> If nothing has happened after a couple of years of waiting, what makes
> you think it's likely to be fixed soon ?
Because some of the security infrastructure work that VSI has underway
can eventually be used to mitigate the RCE. Because all of us need
more focus on the errors and the older and more trusting approaches
that can be latent in our own existing designs and implementations, and
work to remediate and to avoid creating new messes in our new designs
and new implementations. And to spot flaws in the designs and
implementations of others, and to realize the increasingly adversarial
nature of even our own internal systems and networks. Because various
of the existing OpenVMS sites haven't upgraded past the "don't use
telnet, ftp and DECnet" stage of blissful insecurity.
VSI has a whole lot of work ahead of them. So do we all. This
treadmill doesn't ever stop, and it's only ever going to accelerate.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list