[Info-vax] How would you load balance excess webserver traffic between multiple OpenVMS servers?
Arne Vajhøj
arne at vajhoej.dk
Tue Jan 12 13:45:29 EST 2021
On 1/12/2021 1:18 PM, ultr... at gmail.com wrote:
> On Tuesday, January 12, 2021 at 11:19:01 AM UTC-5, Stephen Hoffman wrote:
>> Local-privilege escalation:
>>
>> OPERATING SYSTEM: VAX/VMS V2.1
>> PRODUCT: VAX/VMS
>> COMPONENT: LOGINOUT
>>
>> GRPNAM SECURITY HOLE IN LOGIN
>>
>> PROBLEM STATEMENT:
>>
>> The GRPNAM privilege is an evil demon, allowing the user to
>> invoke its secret entrance for all manner of nefarious
>> purposes not originally intended.
>>
>> RESPONSE FROM DEC:
>>
>> The great wizard VMS confronted the demon, raised his great
>> oaken staff carved in ancient runes, and spoke the magic
>> incantation:
>> "$SETPRV IMAGEACTIVATIONENHANCEDPRIVILEGES $CMKRNL!!"
>> There was a blinding flash of light and puff of smoke, and
>> the demon, reduced to harmlessness, scurried off into the
>> distance.
>>
>> Where his secret entrance had been was naught but a little
>> pile of ashes, which the wind slowly drifted into letters
>> spelling the words "FIXED IN V2.3".
There was also the WANK worm.
> so basically you are stating that the "OpenVMS is most secure OS on the planet" sales pitch bellowed by DEC and not so much HP marketing
> over the years was just an oxymoron?
VMS was probably not the most secure back in the 1980's. But it was
better than many.
Per 2021 standards it was bad, but many other were even worse.
But applying 2021 standards to software from the 1980's is silly.
What is important is that other OS'es has improved security a lot
over the last 20 years, while VMS has seen relative little
enhancements.
VSI is trying to fix that now. But they cannot catch up
with 20 years of neglect over night.
Arne
More information about the Info-vax
mailing list