  #51  
11-18-2006, 12:30 PM
Methem
Registered User
 
Join Date: Dec 2004
Location: Oulu, Finland
Posts: 221
Re: Sciences on Moon

Quote:
Originally Posted by VAXman
The bandwagoneering argument has never been correlated. If a hacker really wanted to make an impact, I'd think somewhere where it made a large impact would be targeted -- not mom's recipe files on her Weendoze PeeCee.

Buffer overruns executing arbitrary code? Impossible on VMS. Code and data have always been segregated. Pages in memory have protections that protect inner (privileged) modes from executing code -- malicious or otherwise. The whole "privilege" paradigm in VMS extends to all objects -- processes/jobs, memory, disk, images, etc. The image activator, once an image has been activated, keeps the code sections in mapped virtual pages that are read only. Any attempt to do/use a data overrun (one of the major mechanisms employed to breach other systems) would yield an Access Violation when it tried to write in a code region. IF it would only overwrite data in a process's image data space, it could NEVER be executed even if written there.

Now, if somebody wants to download malicious code from a site, install it with privies and subsequently execute it, that will be a problem. However, it is not a security issue in the OS; that is a security issue with the idiot that installed the malicious code.

VMS development is a process. Code is reviewed by others in the group. Data integrity and security are the chief criteria for the code review. Feature parity is way down on the list. Features are not introduced if they sacrifice the aforementioned.

I could ramble on for hours. There are OS constructs that do not exist in any other OS. They are there for a reason -- data integrity and security. These things were designed into the OS from the get-go; not layered on as an afterthought. If the foundation is flawed and weak, no amount of plastered on afterthought security is going to prevent a breach.

Ok, ok... understood. And I'm not knowledgeable enough to try to argue with you.

As for rambling on for hours, please do: Then I don't need to spend any time or money on obtaining the VMS internals books, as I'll get all the necessary information here.

Do you know how well NSK and z/OS are handling these same issues you've mentioned, by the way?


-Methem