[Info-vax] Questions about sys$cli()
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Jul 1 13:39:55 EDT 2019
On 2019-07-01, John Reagan <xyzzy1959 at gmail.com> wrote:
>
[Background for comp.os.vms readers: I received email suggesting that
the read of the descriptor length field might be a longword instead
of a word for this specific API function.
Given the possible security implications of that, I discussed that
possibility with VSI before posting here.]
> It isn't a normal descriptor.
>
Yes, but the implication of the question in the email was more about
whether the access checks are done using the same sized field length
as the actual access to the buffer in the user's descriptor.
There's also an issue about whether there's any deliberate signed/unsigned
confusion possible during the checks if the lengths are different.
> SYS$CLI "normally" has more than one argument. [There is nothing "normal"
> about SYS$CLI in my opinion.]
>
Having now played with it, I would certainly agree with that. :-)
> And depending on your context, SYS$CLI may end up in different code with
> possibly different meaning of the arguments.
>
> These are some of the main reasons (excuses?) used over the years for not
> documenting it and/or not supporting a full user-written CLI.
Thanks for the feedback John,
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list