[Info-vax] Future comparison of optimized VSI x86 compilers vs Linux compilers
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Jul 31 18:05:52 EDT 2020
On 2020-07-31 20:53:43 +0000, Camiel Vanderhoeven said:
> Op vrijdag 31 juli 2020 19:37:18 UTC+2 schreef Simon Clubley:
>>
>> From a security point of view, RMS code is effectively kernel mode code
>> anyway at the moment as you can get from executive mode to kernel mode
>> without any additional privileges required.
>
> I'd wish you'd stop spreading this nonsense. Pardon my French. the
> Exec/Kernel mode line was never intended as a security/privilege
> related line, its a mechanism that helps stability by protecting kernel
> mode data/code from bugs in exec mode, it's not meant to protect
> against malicous code executing in exec mode.
Nonsense? The statement from Simon is correct, and then you (Camiel)
then directly agreed with Simon's statement.
As you state, the rings are to isolate accidental corruptions and not
to rebuff malicious activity.
>From a security perspective, boundary enforcement among supervisor,
executive, and kernel is, well, lacking.
And yes, an attacker can become fully privileged given arbitrary code
execution in supervisor mode.
So OpenVMS effectively offers two modes, from a security perspective.
Unprivileged or user mode or ring 3, and everything else.
And as for modern mitigations and work toward app isolation, VSI
OpenVMS is lacking. That's been an issue for a while, though.
Do any of the VSI folks here have an opinion about the "the most secure
operating system on the planet" marketing, while we're on the subject?
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list