On 2022-11-09 14:01:09 +0000, Dave Froble said:
> On 11/3/2022 9:42 AM, Simon Clubley wrote:
>> On 2022-11-02, IanD <
iloveo...@gmail.com> wrote:
>>>
>>> I would have thought VMS could leverage it's historical reputation in
>>> security to give it an advantage against Linux at least, but I'm not
>>> convinced it has done enough to ensure it's up to date in the modern
>>> security landscape and it really needs to make sure it has it's ducks
>>> all in a row and then some because any failure in the security arena
>>> could/would end VMS chances of making a comeback
>>
>> Unfortunately, the idea of VMS security somehow being comparable to
>> today's expected security standards is utterly delusional.
>
> Who's expectations?
The expectations of folks with some experience with securing and
isolating apps and data on various available systems, of course.
>> Even Linux is _far_ in advance of what VMS offers.
>
> Perhaps in some areas, and perhaps VMS is ahead in others.
Clustering and host-based RAID-1 is still pretty good, but few OpenVMS
folks use that due to its pricing. And other platforms have
alternatives to those.
>> For example, Linux has mandatory access controls and VMS is still stuck
>> back in the DAC world.
>
> Is this the only method?
Traditional mandatory access control (MAC) security isn't widely used.
Some of the concepts from MAC security were repurposed, and are used.
OpenVMS does have MAC features, though many of the related tools were
retired with the old layered product. The MAC features could be the
foundation for better app isolation. Some of the MAC features have
served well underneath sandboxes and jails, and underneath containers.
Subsystem identifiers and the latent bits of MAC can be used to build
your own isolation scheme, but that all gets Really Ugly. And none of
that restricts available calls past what privileges might be involved;
BSD-style pledges or such, and unveil.
https://man.openbsd.org/pledge
https://man.openbsd.org/unveil.2 etc.
>> There's no ASLR/KASLR support on VMS.
>
> Is this the only method?
It's one of the more common means of making exploitation more unstable.
Pointer authentication is another. The two can and variously are
combined.
>> There's nothing like the Unix chroot jails on VMS.
>
> Is this the only method?
Sandboxes and jails are the typical means, and BSD-style promises can
get part way there. These mechanisms also tend to be the foundation of
containers.
>> Compiler protections in generated code has been lacking on VMS compared
>> to what is available elsewhere, but John in recent years has started
>> looking at getting comparable protections in the VMS compilers, when it
>> comes to generating code, that currently exist elsewhere.
>>
>> Back in the 1980s/early 1990s, VMS was a leader in security and it has
>> proudly remained there while the rest of the world has moved on.
>
> It is understood that VMS has been neglected by it's owners for some
> time. However, the question of how far behind could be interesting.
Fairly far behind, yes.
> Simon, you throw out things used elsewhere and claim that that is the
> only way to provide security. I don't think that is quite accurate.
An install that's running isolated is a possibility, though the
traditional means of trying to prevent app and system
compromises—writing totally mistake-free code—has proven somewhat
problematic.