[Info-vax] VSI strategy for OpenVMS
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Sep 17 08:51:13 EDT 2021
On 2021-09-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
>
> If one actually wants to hack an Alpha it is necessary to insert
> valid Alpha instructions to be executed.
>
> But for research inserting x86-64 instructions and see something
> crash should be sufficient to prove that there is a vulnerability.
>
That tells you there's a program/system crasher vulnerability.
It doesn't tell you if it can be converted to a RCE vulnerability.
RCE vulnerabilities are _way_ more sexy to an attacker. :-)
(They also require much more work and detailed system/architecture knowledge.)
> I think you will be disappointed about the number of security
> researchers that will look at VMS when VMS x86-64 hits the
> streets.
>
> It may very well end up like zero.
>
Something new and different, combined with VSI's marketing language ?
I'm not so sure of that...
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list