[Info-vax] Questions and observations about OpenVMS

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Mar 7 03:27:12 EST 2021 

On 2021-03-06, Forrest Aldrich <forrie at forrie.com> wrote:
>
> OpenVMS's idea of security (ie: concentric circles, operate with just 
> what is needed) makes a ton of sense to me.  We don't hear about VMS 
> being hacked or riddled with malware.
>

People have answered your other questions. I will focus on this part.

VMS security is very lacking compared to what is standard these days.

>From a strictly security point of view, VMS does not have 4 modes, it
only has 2 modes.

>From a security point of view, it has a user mode and a single inner
mode with the single inner mode split over 3 hardware modes.

Once in any of the inner modes you can get to any other inner mode
without any additional privileges required.

VMS is lacking other security features considered to be standard
these days, such as ASLR and a mandatory access control environment.

The way a process survives multiple images (which can be both a mixture
of privileged and non-privileged images) is a weakness. A Unix-style
approach, where a process is created to run a new image, would be
a more secure approach.

There is a good deal of inertia in the VMS world and a desire in some
quarters to carry on doing something because that is the way it has
always been done. For example, DECnet Phase IV is totally unsuited
for today's world, but VSI has already been forced to port it to x86-64
VMS, even with other work outstanding, because it is still used by so
many people.

As for VMS not been hacked, you really, really should not have gone there. :-)

VMS has the dubious honour of hosting one of the world's longest
surviving operating system vulnerabilities (it survived for 33 years
before it was discovered). It was confirmed to be exploitable on
both VAX and Alpha and it is an open question whether someone familiar
with the Itanium environment could have created a variant of the exploit
to do something bad there.

Supervisor mode shells (ie: DCL) have access to the privileges of
the programs they run. This is not a good thing.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

More information about the Info-vax mailing list