[Info-vax] VMS and security

Arne Vajhøj arne at vajhoej.dk
Fri Nov 18 19:00:21 EST 2022


On 11/17/2022 8:23 AM, Simon Clubley wrote:
> On 2022-11-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
>> On 11/10/2022 8:32 AM, Simon Clubley wrote:
>>> On 2022-11-09, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>> On 11/9/2022 8:09 AM, Simon Clubley wrote:
>>>>> On 2022-11-08, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>>>> On 11/8/2022 1:29 PM, Simon Clubley wrote:
>>>>>>> On 2022-11-07, Dave Froble <davef at tsoft-inc.com> wrote:
>>>>>>>> I don't use Linux, but it is my impression that just about everything in Linux
>>>>>>>> is from third parties.  Nor is Linux restricted to a single vendor.
>>>>>>>>
>>>>>>>> So why then should VSI be responsible for everything VMS needs?
>>>>>>>>
>>>>>>>> Gotta love double standards ...
>>>>>>>
>>>>>>> Well that's a load of bollocks David. We are talking about things
>>>>>>> that are integral within Linux, in the same way as, say, RMS, clustering,
>>>>>>> and KESU modes are integral within VMS.
>>>>>>
>>>>>> Those were pretty strong words given that you are only 75% correct ...
>>>>>
>>>>> I've just reviewed my list in the posting that David is responding to
>>>>> and I don't see it, so can you tell me which 25% am I wrong about ?
>>>>
>>>> Really?
>>>>
>>>> So if we from that list:
>>>>
>>>> # For example, Linux has mandatory access controls and VMS is still stuck
>>>> # back in the DAC world.
>>>> #
>>>> # There's no ASLR/KASLR support on VMS.
>>>> #
>>>> # There's nothing like the Unix chroot jails on VMS.
>>>> #
>>>> # Compiler protections in generated code have been lacking on VMS compared
>>>> # to what is available elsewhere, but John in recent years has started
>>>> # looking at getting comparable protections in the VMS compilers, when it
>>>> # comes to generating code, that currently exist elsewhere.
>>>>
>>>> create a little pop quiz:
>>>>
>>>> Which of the following items:
>>>> A) mandatory access controls
>>>> B) ASLR
>>>> C) chroot jails
>>>> D) Compiler protections in generated code
>>>> are not "integral within Linux"?
>>>>
>>>> Then you have no idea?
>>>>
>>>
>>> They all are present and integrated within Linux these days Arne. Which one
>>> do you think is missing from Linux ?
>>
>> Well - maybe you are not aware.
>>
>> But the compiler used by Linux, GCC, is not "integral within Linux"
>> (your words) but "from third parties" (David's words). It comes
>> from the GNU project, not the Linux kernel project.
> 
> A review of my posting history, including discussion of work I have
> done on them in the past, would make it very clear I know this.

I know that you have a high opinion about yourself.

> However, you have moved from talking about the compiler protections
> to talking about the compilers themselves.

The code generated by the compiler is certainly different from the
compiler itself.

But the first comes from the second.

>> That a compiler is used to build something does not make it
>> an integral part of what is being built.
> 
> No, but the resulting compiler protections _ARE_ an integral part of
> Linux just as I stated above. Note that I never stated anything about
> the compilers themselves above, but only the resulting protections.

A Linux binary compiled with GCC using the compile switch that
enables SSP has this feature.

But it is the third party product GCC that makes it possible.

It is not a characteristic of Linux. It is the benefit of the
third party tooling available for Linux.

Arne
