[Info-vax] The best VMS features, was: Re: openvms renaming file
Arne Vajhøj
arne at vajhoej.dk
Mon May 28 14:36:52 EDT 2018
On 5/28/2018 1:56 AM, Simon Clubley wrote:
> On 2018-05-28, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> Privileges aren't
>> particularly tied to the access modes, beyond the memory management
>> controls being the foundation for all security.
>
> For one obvious example, what exactly is the point of having both
> CMEXEC and CMKRNL privileges on VMS, given how VMS is designed ?
>
> Because of that design, CMEXEC is completely and utterly redundant
> and is just artifical complexity (and a false sense of security).
I don't think it is.
It was never intended to be a security feature where getting from EXEC
to KRNL required something special.
But it did and still does provide two levels of access for code,
that protects against coding errors (but not against malicious code).
Arne
More information about the Info-vax
mailing list