Re: OpenVMS security?
From: David J Dachtera (djesys.nospam_at_comcast.net)
Date: 07/17/04
- Next message: Jay Olson: "Re: DECnet question"
- Previous message: Bob Ceculski: "Re: OpenVMS security?"
- In reply to: Undisclosed: "OpenVMS security?"
- Next in thread: Bob Ceculski: "Re: OpenVMS security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 17 Jul 2004 11:44:16 -0500
Undisclosed wrote:
>
> couple of questions from a OpenVMS newbie with a little (real little)
> security knowledge.
>
> 1. OpenVMS is mostly written in a variety of type-safe languages, correct?
>
> what parts of it are written in C or other type-unsafe languages, since
> I heard it also uses small amounts of C? I would assume that the OS
> kernel is.
This is to expand a bit on Larry K.'s answers. He is a security expert -
take him very seriously!
The VMS kernel is mostly a DEC language claled BLISS and VAX Assembler.
Note that on Alpha, VAX Assembler is actually a 3GL. Some elements
needed to be Alpha Assembler. I doubt you'll find much, if any, C in the
kernel code and where you do find it, it conforms to the calling
standards and other structures which eliminate the possibility fo buffer
overrun attacks.
> also
>
> 2. In one description of very early VMS security I read,
I'd discard that. Most of "early VMS" has been redeveloped over the
years.
> VMS was
> categorized as having too many and too closely linked security levels,
I'd consider that a misinterpretation.
> thus rendering the benefit from properly applied access control
> granularity useless since one could easily chain several small
> vulnerabilities to do the work that one big one would do on other systems.
Same. "Small vulnerabilities" is open to a great deal of interpretation.
Stated simply, there are some VMS privileges that grant a great deal of
access to other privileged areas. Getting privileges you don't have is
challenge, and VMS has been architected very well in this area to ensure
that this cannot be easily accomplished.
> how has this been changed in later versions of VMS, since I heard that
> the criticisms no longer apply? Wasn't there a significant rewrite?
Yes. VMS today is improved from earlier versions. Having worked on
VAX/VMS V3.2 (which still had RSX-compatibility options), I'd say the
improvements are substantial enough so as to not be of cencern at this
point.
> 3. OpenVMS's native access control would be considered discressionary
> (sp..) like Unix's is, correct? Except that it has much finer
> granularity (more priviledge levels).
Not sure what you mean by "privilege levels". VMS has individual
privileges to enable certain functions and/or classes of functions. For
object protection, UN*X has three levels: owner group and world. VMS has
four levels: System, owner, group and world. UN*X has the "superuser"
(root) and non-privileged types of users. VMS has "system class" users,
but also has individual privileges, as mentioned earlier.
> is there support for a "Trusted VMS" along the lines of Trusted Solaris,
> SELinux, or TrustedBSD using Mandatory Access Control or Multilevel
> Security models?
I think that's an "apples to beef" comparison - those other systems have
security added in as an after-thought, sometimes even a third-party
add-in. VMS has security as a criterion of the architecture.
> 4. What is OpenVMS's record against race conditions/TOCTOU (Time of
> Check, Time of Use) bugs and other non buffer overflow attacks? How does
> OpenVMS defend against them in general?
Not sure I can offer anything intelligent here.
> final note, what the hell is wrong with HP that they won't port OpenVMS
> to the damned Opteron?
<soapbox>
OpenVMS Engineering has a psychosis about the IA32 and x86-64
architectures. They go to great lengths to explain why they are so deep
into denial that IA32 runs "the world" that one can only wonder what
trauma they may have suffered, and what therapy it would take to "cure"
them.
Other than the usual nonsensical blather about "scalable architectures",
there has never been a valid reason put forth for the lack of IA32
support in OpenVMS other than the lack of IRQs in the typical IA32 mobo
design and the dearth of registers in the CPU design. Certainly there
are design challenges. Even Itanic has yet to gain the upper hand on the
water pouring through its breached hull, make repairs, right itself, and
sail on to success; yet VMS continues to "bet the farm" on this 64-bit
wanna-be that has yet to leave the gate even after ten years during
which time Alpha has achieved commercial data processing success and
been struck down in its prime.
> I'd love to see more competition in the OS marketplace, and aggressively
> pricing OpenVMS as a solid server while putting it on real commodity
> hardware might win OVMS a lot more users.
Manhy of us have been saying that for many, many years:
http://www.djesys.com/vms/soho/
</soapbox>
-- David J Dachtera dba DJE Systems http://www.djesys.com/
- Next message: Jay Olson: "Re: DECnet question"
- Previous message: Bob Ceculski: "Re: OpenVMS security?"
- In reply to: Undisclosed: "OpenVMS security?"
- Next in thread: Bob Ceculski: "Re: OpenVMS security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
