[Info-vax] OpenVMS x64 Atom project
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Jun 7 09:09:26 EDT 2021
On 2021-06-06, Dave Froble <davef at tsoft-inc.com> wrote:
>
> Ok, a VMS question.
>
> What, other than getting to run a program, could be done by the bad guys
> on a VMS system? I confess, I have not studied the issue at all.
>
If _that's_ what you are thinking in terms of, then you need to do some
serious reading.

A common attack vector is to inject code into a running program via
malformed inputs or malformed protocol packets.

Another attack vector is to use malformed protocol packets to get more
access than you should. That's how Heartbleed was able to read more
memory than should have been possible.

> If the bad guys need to get access and run a program, would defenses
> that check for valid programs running be successful?
>
You are thinking at the wrong level. They already have access if
they can get to a program running on a network port. They can then
probe that program to see if they can compromise it in some way.
> So, yeah, if I can get access and run a process on VMS, much can be
> done. And possible defenses could be set up. But if there are other
> possibilities, one would need to know about them before considering
> defenses.
>
You have already seen this twice on VMS, both from me and from the
DEFCON 16 researchers where we injected code we controlled into a
running interactive process. That's bad enough but think about how
devastating that could be if someone found a way to do that to a
network process.

You need to think a _lot_ wider than you appear to be currently thinking.

Simon.

--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
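
Added example, not part of the original post and not code from OpenSSL or VMS: a minimal C handler for a heartbeat-style echo request showing the bounds check whose absence lets a malformed packet read more memory than it should, as the message says of Heartbleed. The record layout, the name echo_payload and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy record layout (an assumption for this example):
 *   byte 0      message type
 *   bytes 1..2  payload length claimed by the sender (big-endian)
 *   bytes 3..   payload
 */
#define HDR_LEN 3

/* Copies the payload into out so it can be echoed back.
 * rec_len is the number of bytes actually received from the network.
 * Returns the number of payload bytes copied, or -1 if malformed. */
int echo_payload(const uint8_t *rec, size_t rec_len,
                 uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN)
        return -1;                        /* truncated header */

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The length field is supplied by the remote peer. Without this
     * comparison against what was really received, memcpy() below
     * would read past the record into adjacent process memory. */
    if (claimed > rec_len - HDR_LEN)
        return -1;
    if (claimed > out_cap)
        return -1;                        /* reply buffer too small */

    memcpy(out, rec + HDR_LEN, claimed);
    return (int)claimed;
}

int main(void)
{
    /* Constructed sample packets */
    const uint8_t ok[]  = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    const uint8_t bad[] = {0x01, 0x40, 0x00, 'p', 'i', 'n', 'g'}; /* claims 16384 */
    uint8_t reply[64];

    int a = echo_payload(ok, sizeof ok, reply, sizeof reply);
    int b = echo_payload(bad, sizeof bad, reply, sizeof reply);
    return (a == 4 && b == -1) ? 0 : 1;
}
```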