[Info-vax] The best VMS features, was: Re: openvms renaming file
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon May 28 15:15:46 EDT 2018
On 2018-05-28, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 5/28/2018 1:56 AM, Simon Clubley wrote:
>>
>> For one obvious example, what exactly is the point of having both
>> CMEXEC and CMKRNL privileges on VMS, given how VMS is designed ?
>>
>> Because of that design, CMEXEC is completely and utterly redundant
>> and is just artifical complexity (and a false sense of security).
>
> I don't think it is.
>
> It was never intended to be a security feature where getting from EXEC
> to KRNL required something special.
>
> But it did and still does provide two levels of access for code,
> that protects against coding errors (but not against malicious code).
>
All you need to do is to give the user or program CMKRNL privilege and
let the program switch into executive mode instead because when you
give the user or program CMEXEC privilege, what you are really giving
them is CMKRNL privilege.
CMEXEC is utterly redundant within VMS as currently implemented.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list