[Info-vax] Kernel Transplantation
Dave Froble
davef at tsoft-inc.com
Wed Jan 17 21:43:42 EST 2024
On 1/17/2024 8:11 AM, Simon Clubley wrote:
> On 2024-01-16, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>> On Thu, 11 Jan 2024 13:48:37 -0000 (UTC), Simon Clubley wrote:
>>
>>> On 2024-01-10, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>>>>
>>>> Nowadays, the whole Internet is built on the concept of running secure
>>>> protocols over insecure channels. Those secure protocols can in turn be
>>>> channels for older, insecure protocols--this is not rocket science.
>>>
>>> Things like SSL only protect data in motion. It does nothing to help you
>>> if the server software on the receiving end of that SSL connection has a
>>> vulnerability within it.
>>
>> Not sure why that's relevant to the issue of whether to support DECnet or
>> not.
>
> The server software with the vulnerability could be the DECnet stack
> running on that server.
>
> BTW, has anyone been able to do a $ show proc/priv against the EVL listener
> PID and are you able to post the output ?
>
> I notice that no-one, including Mark yet, has posted this, so I wonder
> just how many of you are actually running the DECnet Phase IV stack on
> your machines.
>
> Simon.
>
Well, rather old, on a VAX/VMS V7.2 system.
$ show proc/priv/id=90
17-JAN-2024 21:37:35.63 User: DECNET Process ID: 00000090
Node: DFE90A Process name: "EVL"
Authorized privileges:
ACNT ALLSPOOL ALTPRI AUDIT BUGCHK BYPASS CMEXEC CMKRNL
IMPERSONATDIAGNOSE DOWNGRADE EXQUOTA GROUP GRPNAM GRPPRV IMPORT
LOG_IO MOUNT NETMBX OPER PFNMAP PHY_IO PRMCEB PRMGBL
PRMMBX PSWAPM READALL SECURITY SETPRV SHARE SHMEM SYSGBL
SYSLCK SYSNAM SYSPRV TMPMBX UPGRADE VOLPRO WORLD
Process privileges:
ACNT may suppress accounting messages
ALLSPOOL may allocate spooled device
ALTPRI may set any priority value
AUDIT may direct audit to system security audit log
BUGCHK may make bug check log entries
BYPASS may bypass all object access controls
CMEXEC may change mode to exec
CMKRNL may change mode to kernel
IMPERSONATE may impersonate another user
DIAGNOSE may diagnose devices
DOWNGRADE may downgrade object secrecy
EXQUOTA may exceed disk quota
GROUP may affect other processes in same group
GRPNAM may insert in group logical name table
GRPPRV may access group objects via system protection
IMPORT may set classification for unlabeled object
LOG_IO may do logical i/o
MOUNT may execute mount acp function
NETMBX may create network device
OPER may perform operator functions
PFNMAP may map to specific physical pages
PHY_IO may do physical i/o
PRMCEB may create permanent common event clusters
PRMGBL may create permanent global sections
PRMMBX may create permanent mailbox
PSWAPM may change process swap mode
READALL may read anything as the owner
SECURITY may perform security administration functions
SETPRV may set any privilege bit
SHARE may assign channels to non-shared devices
SHMEM may create/delete objects in shared memory
SYSGBL may create system wide global sections
SYSLCK may lock system wide resources
SYSNAM may insert in system logical name table
SYSPRV may access objects via system protection
TMPMBX may create temporary mailbox
UPGRADE may upgrade object integrity
VOLPRO may override volume protection
WORLD may affect other processes in the world
Process rights:
SYSTEM resource
BATCH
System rights:
SYS$NODE_DFE90A
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
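
An added example, not part of the original post or of any VMS tooling: a small Python audit that reads output in the layout of the SHOW PROCESS/PRIVILEGES listing above and reports which process privileges a network listener holds. The `HIGH_RISK` set and the `expected` baseline are assumptions chosen for this illustration, and the sample text is constructed from lines in the post.

```python
# Constructed sample in the layout of the output posted above
# (privilege names and descriptions copied from that post).
SAMPLE = """\
Process name: "EVL"
Authorized privileges:
 ACNT ALLSPOOL BYPASS CMKRNL
Process privileges:
 BYPASS may bypass all object access controls
 CMKRNL may change mode to kernel
 NETMBX may create network device
 OPER may perform operator functions
 SETPRV may set any privilege bit
 TMPMBX may create temporary mailbox
Process rights:
 SYSTEM resource
"""

# Assumption for this example: privileges whose descriptions in the
# listing amount to control of the whole system.
HIGH_RISK = {"BYPASS", "CMEXEC", "CMKRNL", "IMPERSONATE", "PFNMAP",
             "PHY_IO", "READALL", "SECURITY", "SETPRV", "SYSPRV"}

def process_privileges(text):
    """Return {name: description} from the 'Process privileges:' section."""
    privs, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):  # section header such as 'Process rights:'
            in_section = line.lower() == "process privileges:"
            continue
        if in_section and line:
            name, _, desc = line.partition(" ")
            privs[name] = desc.strip()
    return privs

def audit(text, expected=frozenset({"NETMBX", "TMPMBX"})):
    """Compare held privileges with a baseline.

    'expected' is a hypothetical baseline; substitute what the service
    is documented to need on your system.
    """
    privs = process_privileges(text)
    return {
        "high_risk": sorted(p for p in privs if p in HIGH_RISK),
        "beyond_expected": sorted(p for p in privs if p not in expected),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```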