[Info-vax] Assembly languages
VAXman- at SendSpamHere.ORG
Tue Apr 12 21:05:25 EDT 2022
In article <t34u7f$vlv$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>On 2022-04-12, Dave Froble <davef at tsoft-inc.com> wrote:
>> On 4/12/2022 1:34 PM, Simon Clubley wrote:
>>
>>> The key question is this: Can a non-privileged user who gets code they
>>> control running in supervisor mode come up with a way to switch
>>> from supervisor mode to executive mode or kernel mode ?
>>
>> No, unless, there is some bug, and any bugs in any code pretty much calls off
>> any talk of security.
>>
>
>Actually, yes you can. If you don't want to mess around with trying to
>hook your supervisor mode code into DCL in a way that allows you to
>run it while a privileged image is active, you can simply activate a
>privileged image while in supervisor mode and then use the privileges
>of the image.
>
>If that image has CMEXEC or CMKRNL privilege, you can use them to get
>yourself into executive or kernel mode.

Ah, you can't distinguish privileged installed images from inner mode
access but you can lecture us that there's no difference. Yeah, uh, I
get it now... not.

>It should be considered a bug IMHO, but that's how VMS works.
>
>In fairness, that was probably considered acceptable in the isolated
>systems of the 1970s. Today, not so much.
>
>> Yes Simon, you found a bug, and it has now been fixed. Can you still use the
>> same exploit?
>>
>> Unless you find another bug, then a non-prived user cannot gain privs, unless
>> they are granted to that user or process.
>>
>
>That isn't what this is about.
>
>This discussion started because I am of the opinion, that from
>a security point of view, VMS is just another 2-mode operating
>system with its single inner mode split across 3 hardware modes.

Fuck opinions! Opinions are like assholes and yours stinks. Show me a real
world working proof! ... you can't.

>That means, if you have code running in supervisor mode, that code
>can get access to executive or kernel mode without any additional
>privileges required on the logged in account itself.

I have asked repeatedly. PROVE IT or shut up already. Code it and I will
concede. C.O.V. USED to have people that would provide code to prove or
disprove that which they had stated. Seeing as how nobody really knows
if you know VMS or not, I'd expect you'd follow suit. You talk the talk
but you can not walk the walk.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.