[Info-vax] Why not reimplement SEVMS into x86 OpenVMS?

Single Stage to Orbit alex.buell at munted.eu
Mon Nov 21 18:58:10 EST 2022


On Mon, 2022-11-21 at 15:27 -0500, Stephen Hoffman wrote:
> OpenVMS is bad at isolating compromised apps. It's sorta-kinda
> possible if the local folks are good at this stuff and expend some
> effort messing about with ACLs on all sorts of stuff within the app,
> but still comparatively limited. And it's very easy to miss
> something. Absent MAC security, an app can expose its own data, or
> can potentially perform various unintended-by-the-developer
> activities at run-time. The latter is the sort of stuff that usually
> gets blocked by pledge() calls, or jails/sandboxes.

If OpenVMS can support nested virtualisation on x86_64, I guess it
could be possible to run OpenVMS within OpenVMS, opening the
possibility to isolate applications from each other.

I can do it with Linux and VirtualBox, running Windows 11 as a guest,
with VirtualBox installed in it, running Windows 10 in it as another
guest. Turtles all the way down ...
-- 
Tactical Nuclear Kittens



