[Info-vax] Questions about sys$cli()

[Simon Clubley]

On 2019-07-01, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2019-06-29 22:42:48 +0000, Simon Clubley said:
>
>> Is this structure some artifact from an earlier version of VMS and is 
>> now obsolete, or does it map to a DCL memory area which I have not 
>> found yet ?
>
> Wouldn't surprise me to learn that this is just another oddity of an 
> API-specific descriptor parser implementation.
>
> There have been and remain some... poorly-considered... APIs found 
> within OpenVMS, whether from the sys$cli era or from subsequent eras.
>

Sometimes I wonder how the same operating system can have both
world-leading features (ie: fully integrated clustering) _and_
a _really_ ugly CLI architecture (especially by today's standards).

>
> Poking at undocumented APIs is pretty popular with some folks. For 
> various reasons. On some platforms, undocumented or unsupported APIs 
> have been fertile ground for finding security exploits.
>

If any security researchers start probing VMS I suspect that is one
of the first places they will start looking, and for exactly that reason.

Perhaps it might be a good idea for VSI to review these undocumented
interfaces just to make sure that no unexpected shortcuts have been
taken during their implementation.

BTW, it is rather interesting that I never even considered the
possibility that it might be an oversized (longword versus word) read
until it was pointed out to me as a possibility.

That's probably because you don't really see that kind of thing
these days, even in C, and is very much an artifact of the era of
writing operating systems in assembly language.

It makes you wonder what other Macro-32 specific issues might exist
in VMS that could be waiting to be discovered if the security
researchers start looking in closer detail.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world