[Info-vax] Assembly languages
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Apr 12 20:17:42 EDT 2022
On 2022-04-12 21:09:18 +0000, Dave Froble said:
> On 4/12/2022 1:34 PM, Simon Clubley wrote:
>
>> The key question is this: Can a non-privileged user who gets code they
>> control running in supervisor mode come up with a way to switch to from
>> supervisor mode to executive mode or kernel mode ?
>
> No, unless, there is some bug, and any bugs in any code pretty much
> calls off any talk of security.
>
> Yes Simon, you found a bug, and it has now been fixed. Can you still
> use the same exploit?
>
> Unless you find another bug, then a non-prived user cannot gain privs,
> unless they are granted to that user or process.
Supervisor mode is a trusted mode.
Absent redesigning how an OpenVMS command interpreter works, obtaining
full privileges from arbitrary supervisor mode code is feasible.
There's no bug here.
I explained how this path worked to an OpenVMS developer some years ago.
Them: 😳
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list