[Info-vax] Why not reimplement SEVMS into x86 OpenVMS?

[Stephen Hoffman]

On 2022-11-21 13:41:04 +0000, Simon Clubley said:

> SEVMS MAC is limited compared to what SELinux can do.
> For example, the last public documentation I could find showed no 
> integration of SEVMS into UCX, or TCP/IP in general, at all.

DECnet was included in the SEVMS work, but the DECnet network was also 
required to be entirely private and protected.

IP was not included, and AFAIK has never acquired support any for MAC.

There was an effort to add Multi-Level Security (MLS) support into 
OpenVMS and into IP, which involved changes to NFS and a whole pile of 
other network chatter. Work on MLS was canceled well before it became 
available. That happened around the same time work on SEVMS itself was 
shelved. MLS was never integrated past a few symbols and such 
incorporated into the base OS.  q.v. the Access Control List Object 
Information Label (ACE$C_OIL), etc.

OpenVMS is bad at isolating compromised apps. It's sorta-kinda possible 
if the local folks are good at this stuff and expend some effort 
messing about with ACLs on all sorts of stuff within the app, but still 
comparatively limited. And it's very easy to miss something. Absent MAC 
security, an app can expose its own data, or can potentially perform 
various unintended-by-the-developer activities at run-time. The latter 
is the sort of stuff that usuallyy gets blocked by pledge() calls, or 
jails/sandboxes.



-- 
Pure Personal Opinion | HoffmanLabs LLC