[Info-vax] Unexpected DECnet Phase IV functionality with possible captive account implications
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon May 10 17:07:49 EDT 2021
On 2021-05-10 19:38:40 +0000, Simon Clubley said:
> On 2021-05-10, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>
>> Captive doesn't get to write anywhere outside of very targeted
>> directories, and then only with constraints. See below for more on the
>> constraints.
>
> Captive accounts can be privileged. In fact, that's the whole point of
> them for a good range of usage cases.

In recent years, I prefer the CAPTIVE users be set up minimally privileged.
That means probably TMPMBX, maybe NETMBX.

How? I've become fond of using subsystem identifiers and executable
images, and of using privileged server processes.

The privileged server process might be as simplistic as some DCL or other
scripting or other application on the far end of a host-local DECnet
connection, or on the far end of a mailbox, or some other
interprocess communications.

DCL interprocess communications support is seriously lacking, but
that's fodder for another discussion or three.

This approach keeps the privileges somewhat less accessible to the users.
Again, this is basic app sandboxing, albeit a less-than-well-documented
topic on OpenVMS, and with minimal OpenVMS support past the classic
here's-a-box-of-parts-have-at stage.

>> And there's a reason I keep writing comments about the problems of
>> continued use of DECnet...
>
> Well, I can now say that the FAL protocol is one of the most ugly
> designs I have seen...

There are lots of ugly protocols in this business. I've created a few
ugly protocols myself.

Stupidly forgot to embed protocol version info in one of my earliest
designs. But I digress.

Ugly protocols may or may not have ugly parsers. But I don't trust parsers.
Got a lot on that best-to-distrust-a-parser topic too, and here's just a taste:

https://blog.trailofbits.com/2019/11/01/two-new-tools-that-tame-the-treachery-of-files/
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

> These are protocols that were designed in _very_ different times...

That DECnet is "~unauthenticated" and "unencrypted" tends to be a
bigger concern for many, whether they realize it yet or not.

I'd prefer that DECnet, FTP, telnet, and ilk, all be removed from the
base distro, and made separately installable. With caveats.

Are there CAPTIVE logins around which can be exploited? I'd expect so.
I had great fun exploiting with those using the INQUIRE command, until
that hole got plugged.

--
Pure Personal Opinion | HoffmanLabs LLC