[Info-vax] Kernel Transplantation

[Mark Berryman]

On 1/17/24 6:11 AM, Simon Clubley wrote:
> On 2024-01-16, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>> On Thu, 11 Jan 2024 13:48:37 -0000 (UTC), Simon Clubley wrote:
>>
>>> On 2024-01-10, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>>>>
>>>> Nowadays, the whole Internet is built on the concept of running secure
>>>> protocols over insecure channels. Those secure protocols can in turn be
>>>> channels for older, insecure protocols--this is not rocket science.
>>>
>>> Things like SSL only protect data in motion. It does nothing to help you
>>> if the server software on the receiving end of that SSL connection has a
>>> vulnerability within it.
>>
>> Not sure why that?s relevant to the issue of whether to support DECnet or
>> not.
> 
> The server software with the vulnerability could be the DECnet stack
> running on that server.
> 
> BTW, has anyone been able to do a $ show proc/priv against the EVL listener
> PID and are you able to post the output ?
> 
> I notice that no-one, including Mark yet, has posted this, so I wonder
> just how many of you are actually running the DECnet Phase IV stack on
> your machines.

Sorry, I am only infrequently on this forum.

On my system EVL runs with exactly the privs I specified earlier but I 
did do some digging.

EVL is started by netacp in whatever account netacp is running using the 
command file sys$system:evl.com.  EVL neither raises nor lowers privs. 
The startup command file normally looks like this:
$ !  Copyright (c) 1987 Digital Equipment Corporation.  All rights reserved.
$ SET NOON
$ IF "''EVL$COMMAND'" .NES. "" THEN EVL$COMMAND
$ RUN SYS$SYSTEM:EVL
$ PURGE/KEEP=3 EVL.LOG
$ LOGOUT/BRIEF

However, sometime in the dim and distant past (meaning I no longer 
remember when or why) I inserted this line:

$ SET PROCESS/PRIVILEGES=(NOALL,SYSNAM,OPER,SYSPRV,NETMBX,TMPMBX)

which is why EVL is limited in privs on my system.  Anyone concerned can 
make the same edit.

Mark Berryman