[Info-vax] Kernel Transplantation

Dave Froble davef at tsoft-inc.com
Thu Jan 18 15:24:28 EST 2024


On 1/18/2024 12:25 PM, Mark Berryman wrote:
> On 1/18/24 6:06 AM, Simon Clubley wrote:
>> On 2024-01-17, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>>> On Wed, 17 Jan 2024 13:11:31 -0000 (UTC), Simon Clubley wrote:
>>>> The server software with the vulnerability could be the DECnet stack
>>>> running on that server.
>>>
>>> Any reason why you think DECnet is particularly prone to introducing
>>> security holes, per se?
>>
>> Because, at best, it has only had a very small fraction of the effort
>> spent on probing it that the mainstream network stacks have had.
>
> Simon's postings would tend to indicate that he believes that anything not
> subject to constant probing by hundreds or thousands of hack.., er, security
> researchers is just full of latent bugs waiting to be discovered.

No, really?  Someone else noticed this?  And here I thought it was just me ..

> It might help to remember that the IP stack was designed by committee and
> implemented by an even more diverse group, some good at programming, some not so
> much.  DECnet, however, was designed and implemented by a much smaller group,
> which often leads to much better code.  I suspect, but don't know for sure, that
> the designers and implementers were also essentially the same people.  (They
> were also very good).

Well, it does work well, for what it does.

> Also, once upon a time, DECnet was a more diverse network than the internet.
> Until the internet went public in the early 90s, it was quite limited in scope,
> consisting mainly of some government institutions, some government contractors,
> and some universities.  DECnet, however, was used to implement a number of
> world-wide networks consisting of many diverse endpoints.  There was some
> probing that went on but not a whole lot.  For one, with DECnet the source was
> too easy to trace and, for another, if any of the probes were successful I never
> heard of it (I was on SPAN at the time).  This was all DECnet phase IV.  After
> the internet went public, these networks ran multiple protocols in parallel,
> including TCP/IP and DECnet.  As DEC equipment was phased out at these sites, so
> was DECnet.  But it somehow managed to survive without issue all those years.
> (The only known problems were caused by local misconfigurations by people who
> didn't read the manual and simply accepted defaults that should have been
> better.  None were caused by the stack itself.)

Sure, blame the user (guilty) ...

> Finally, as I mentioned in an earlier post, it is trivial in today's world to
> isolate one's DECnet stack from anything other than trusted hosts.  On any
> network where I have been involved, if some host were compromised, and if that
> host were to try to probe DECnet, none of its packets would even reach the
> DECnet interface of any host that was actually running DECnet.
>
> There are, after all, many ways to implement security.
>
> My two cents.
>
> Mark Berryman
>


-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486


