[Info-vax] String Manipulation
Dave Froble
davef at tsoft-inc.com
Wed Oct 13 16:35:18 EDT 2021
On 10/13/2021 1:30 PM, chris wrote:
> On 10/13/21 17:53, Stephen Hoffman wrote:
>> On 2021-10-13 16:30:07 +0000, HCorte said:
>>
>>> Gona use STR$ELEMENT since allows to split more easly multiple
>>> substrings, the string will alls be valid since I am the one defining
>>> that string into a logical name.
>>
>> Logical names solely translated from privileged modes probably, but
>> there have been exploits against OpenVMS and apps involving translations
>> of untrusted translations.
>>
>> With the knowledge that the exploit referenced in the following SPR
>> involved faulty logical name translation, which logical name and how the
>> exploit worked should be obvious...
>>
>>
>> OPERATING SYSTEM: VAX/VMS V2.1
>> PRODUCT: VAX/VMS
>> COMPONENT: LOGINOUT
>>
>>
>> GRPNAM SECURITY HOLE IN LOGIN
>>
>> PROBLEM STATEMENT:
>>
>> The GRPNAM privilege is an evil demon, allowing the user to
>> invoke its secret entrance for all manner of nefarious
>> purposes not originally intended.
>>
>>
>> RESPONSE FROM DEC:
>>
>> The great wizard VMS confronted the demon, raised his great
>> oaken staff carved in ancient runes, and spoke the magic
>> incantation:
>> "$SETPRV IMAGEACTIVATIONENHANCEDPRIVILEGES $CMKRNL!!"
>> There was a blinding flash of light and puff of smoke, and
>> the demon, reduced to harmlessness, scurried off into the
>> distance.
>>
>> Where his secret entrance had been was naught but a little
>> pile of ashes, which the wind slowly drifted into letters
>> spelling the words "FIXED IN V2.3".
>>
>>
>>
>
> Rofl. At least the world still had a sense of humour in those
> days...
>
> Chris
Yes, they did. And Stan Robonowski (can't spell) SPR on why is year
2000 not a leap year was a real gem.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list