[Info-vax] What to do with my VAX.....

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Nov 20 08:37:22 EST 2020 

On 2020-11-20, seasoned_geek <roland at logikalsolutions.com> wrote:
> On Wednesday, November 11, 2020 at 12:43:47 PM UTC-6, Simon Clubley wrote:
>> On 2020-11-11, seasoned_geek <rol... at logikalsolutions.com> wrote: 
>> > 
>> > Like the Bash security breach exploited for ~25 years before being outted in public? 
>> >
>> I noticed you never replied to my response to this. 
>> 
>> Is that because I pointed out a very inconvenient truth that you 
>> would prefer to ignore ?
>
> No. I didn't see a question requiring a response. The Bash comment was pointing out how a terminal shell thought to be "secure" with so many chanting the mantra "no known security vulnerabilities" had one that was exploited for over two decades.
>

And how is that any different from DCL where people said the same thing
about VMS and DCL until I came along and found that DCL had a vulnerability
which allowed non-privileged people to compromise VAX/VMS and later Alpha
VMS on VMS versions spanning a 33 year period ?

> Korn Shell has had numerous long term security issues as well. Here's one first recorded in 1998.
> https://www.cvedetails.com/cve/CVE-1999-1114/

That sounds very similar to DCL (in concept and vulnerability scope at least).

> God only knows how long it was actually in the wild.
>

In the case of DCL, it was in the wild for 33 years. I doubt the Korn
shell existed in 1966 (1999 - 33). :-)

What people like you and Phillip need to understand is that vulnerabilities
exist everywhere and the less popular the OS, the more likely they are to
be silently exploited until a security researcher finally invests the time
to probe the OS.

VMS has many good features but it doesn't mean that you can ignore some
uncomfortable truths about security on VMS and claim there isn't a
problem on VMS simply because no-one has invested the time to find
those vulnerabilities yet.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

More information about the Info-vax mailing list