[Info-vax] Kernel Transplantation
Arne Vajhøj
arne at vajhoej.dk
Thu Jan 18 08:33:24 EST 2024
On 1/18/2024 8:06 AM, Simon Clubley wrote:
> On 2024-01-17, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>> On Wed, 17 Jan 2024 13:11:31 -0000 (UTC), Simon Clubley wrote:
>>> The server software with the vulnerability could be the DECnet stack
>>> running on that server.
>>
>> Any reason why you think DECnet is particularly prone to introducing
>> security holes, per se?
>
> Because, at best, it has only had a very small fraction of the effort
> spent on probing it that the mainstream network stacks have had.
Less probing and less evolution.
I don't think DECnet phase IV was worse than other networking
at the time (late 70's to early 90's). But other networking
which ended up being almost entirely TCP/IP evolved.
I don't know if phase V had better options that just did
not materialize because everyone only used the phase IV
compatibility stuff in phase V.
But if DEC and VMS had evolved like the rest of the IT world
then we would have been at phase VII or VIII now - and I am
sure that it would have been much better security wise.
Well - back to the real world. DECnet is old and has not
evolved.
Arne
More information about the Info-vax
mailing list