[Info-vax] VSI strategy for OpenVMS
Arne Vajhøj
arne at vajhoej.dk
Thu Sep 16 14:40:31 EDT 2021
On 9/16/2021 2:04 PM, Simon Clubley wrote:
> On 2021-09-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
>> On 9/16/2021 1:50 PM, Simon Clubley wrote:
>>> On 2021-09-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>> On 9/15/2021 7:07 PM, kemain.nospam at gmail.com wrote:
>>>>> It will be interesting to see if OpenVMS runs into this same challenge not
>>>>> that it will soon be released on X86-64.
>>>>
>>>> I don't think the change in HW platform would result in many more
>>>> patches.
>>>
>>> It's not that clear Arne. The change in architecture to x86-64 will bring
>>> along security researchers who have tools for probing operating systems
>>> running on that architecture.
>>
>> I am not convinced that the number of people:
>> - interested in checking VMS
>> - willing to get and install VMS on a standard VM
>> - not willing to get and install VMS on a VAX or Alpha emulator
>> is that big.
>
> There are more tools available for probing operating systems running
> on x86-64 than there are for those same operating systems running on
> VAX or Alpha.
>
> There are other reasons the barriers to probing on x86-64 are lower
> as well. For example, those researchers are far more likely to know
> in great detail the x86-64 architecture (when writing shellcode, etc)
> than they would the VAX or Alpha architectures.
If one actually wants to hack an Alpha it is necessary to insert
valid Alpha instructions to be executed.
But for research inserting x86-64 instructions and see something
crash should be sufficient to prove that there is a vulnerability.
I think you will be disappointed about the number of security
researchers that will look at VMS when VMS x86-64 hits the
streets.
It may very well end up like zero.
Arne
More information about the Info-vax
mailing list