[Info-vax] The best VMS features, was: Re: openvms renaming file
Richard Maher
maher_rjSPAMLESS at hotmail.com
Tue May 29 05:43:51 EDT 2018
On 29-May-18 5:41 AM, Simon Clubley wrote:
> On 2018-05-28, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>
>> If we agree that there are valid reasons to have both EXEC and
>> KRNL mode, then let us get to whether we need two privs CMEXEC
>> and CMKRNL or just one CMKRNL.
>>
>> De facto then both CMEXEC and CMKRNL implies full privs. So
>> there is no security difference.
>>
>
> I see what you are saying now. Given the way you worded it, I thought
> you were maybe thinking I was talking about $CMEXEC the system service,
> not CMEXEC the privilege.
>
>> But there can be other reasons.
>>
>> Protection against mistakes. If some code is supposed
>> to only call SYS$CMEXEC but not SYS$CMKRNL and only
>> get granted CMEXEC then it will actually fail if it
>> mistakenly calls SYS$CMKRNL.
>>
>
> Technically you are correct, but I suspect there would be a whole
> set of bugs in the code encountered first before that one was hit
> (and missed during peer review).
>
>> (malicious code could call SYS$CMEXEC and then
>> SYS$CMKRNL but we are talking buggy code not
>> malicious code here)
>>
>> Encapsulation. If the rule about EXEC mode
>> always allowing SYS$CMKRNL was ever changed, then
>> having two privs will save a lot of spillover
>> changes.
>>
>
> I suspect there would have to be a major rewrite of parts of VMS
> (and associated applications) before that happened.
>
>> Documentation. CMEXEC priv to call SYS$CMEXEC and
>> CMKRNL priv to call SYS$CMKRNL is sort of easy
>> to remember. CMKRNL priv to call SYS$CMEXEC is
>> a bit confusing.
>>
>
> $ set response/mode=good_natured
>
> Of course, the official way to get into supervisor mode does
> kind of damage that argument. :-)
>
> Simon.
>
Just shut up you cock!
More information about the Info-vax
mailing list