[Info-vax] Any PDP-11 RSX-11 fans looking to be horribly underpaid
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Jan 14 13:49:36 EST 2018
On 2018-01-14, Scott Dorsey <kludge at panix.com> wrote:
> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>>
>>While it's not exactly a great situation to be in, it is manageable
>>in some environments to some extent provided you take the proper
>>precautions and provided you realise that your old systems are
>>hopelessly insecure.
>
> Please stop calling these systems insecure.
>
My comment was in response to Terry's comments about the VMS security
discussion on another thread.
I am willing to give PDP-11 systems a lot more leeway because they have
never been sold as high security systems. There's also a higher chance
that normal operation generally means privileged console access for
the PDP-11.
> Is a can-opener insecure? Anyone who can get into your house and grab it
> can use it. But does that make it insecure in any way?
>
> Just because the system is openly accessable to anyone with physical access
> does not make it insecure. It seems you have a very very narrow view of the
> concept of "security."
Maybe. Maybe not.
When I say hopelessly insecure, I have never said that it only applies
to people who have physical access to the server hardware or the
operator console. Most systems would be "hopelessly insecure" in that
situation.
No, I am talking about normal unprivileged users, especially those with
DCL access, who can come up with various ways to compromise those systems.
In my own exploit, a non-privileged DCL user can totally compromise
a VAX or Alpha system and that vulnerability has been in VMS since
the mid 1980s. What about all the vulnerabilities which have been quietly
fixed in recent versions without all the fuss that I am deliberately
making about this one ?
All that quietly fixing vulnerabilities does is to give people a false
sense of security.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list