[Info-vax] Kernel Transplantation

Fri Jan 19 10:33:18 EST 2024

In article <uobmub$2m944$1 at dont-email.me>,
Mark Berryman  <mark at theberrymans.com> wrote:
>On 1/18/24 6:06 AM, Simon Clubley wrote:
>> On 2024-01-17, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>>> On Wed, 17 Jan 2024 13:11:31 -0000 (UTC), Simon Clubley wrote:
>>>> The server software with the vulnerability could be the DECnet stack
>>>> running on that server.
>>>
>>> Any reason why you think DECnet is particularly prone to introducing
>>> security holes, per se?
>> 
>> Because, at best, it has only had a very small fraction of the effort
>> spent on probing it that the mainstream network stacks have had.
>
>Simon's postings would tend to indicate that he believes that anything 
>not subject to constant probing by hundreds or thousands of hack.., er, 
>security researchers is just full of latent bugs waiting to be discovered.

History has shown that Simon is mostly correct in that belief.

>It might help to remember that the IP stack was designed by committee 
>and implemented by an even more diverse group, some good at programming, 
>some not so much.  DECnet, however, was designed and implemented by a 
>much smaller group, which often leads to much better code.  I suspect, 
>but don't know for sure, that the designers and implementers were also 
>essentially the same people.  (They were also very good).

Which IP stack are you referring to?  IP has been implemented
many times by many different groups; even on VMS!

>Also, once upon a time, DECnet was a more diverse network than the 
>internet.  Until the internet went public in the early 90s, it was quite 
>limited in scope, consisting mainly of some government institutions, 
>some government contractors, and some universities.  DECnet, however, 
>was used to implement a number of world-wide networks consisting of many 
>diverse endpoints.  There was some probing that went on but not a whole 
>lot.  For one, with DECnet the source was too easy to trace and, for 
>another, if any of the probes were successful I never heard of it (I was 
>on SPAN at the time).  This was all DECnet phase IV.  After the internet 
>went public, these networks ran multiple protocols in parallel, 
>including TCP/IP and DECnet.  As DEC equipment was phased out at these 
>sites, so was DECnet.  But it somehow managed to survive without issue 
>all those years.  (The only known problems were caused by local 
>misconfigurations by people who didn't read the manual and simply 
>accepted defaults that should have been better.  None were cause by the 
>stack itself.)
>
>Finally, as I mentioned in an earlier post, it is trivial in today's 
>world to isolate one's DECnet stack from anything other than trusted 
>hosts.  On any network where I have been involved, it some host were 
>compromised, and if that host were to try to probe DECnet, none of its 
>packets would even reach the DECnet interface of any host that was 
>actually running DECnet.
>
>There are, after all, many ways to implement security.
>
>My two cents.

I dunno.  I'd bet a month's salary that more packets travel
across the Internet in a day than have transitted DECnet ever.
That's a lot of testing and hardening.

This of course doesn't mean that DECnet implementations are
insecure, but it does mean they are a _lot_ less tested.  It
could be that they're insecure and no one realizes because no
one has tested sufficiently.  That means there's an element of
risk there that doesn't exist with e.g. the Linux or BSD TCP/IP
stacks.

	- Dan C.