Unix (In)Security

bet at ecsvax.UUCP bet at ecsvax.UUCP
Sat Dec 8 12:02:21 AEST 1984


Wait, wait, wait, formally 'prove" VM secure? Gaaak. Not physically
possible -- it runs on an IBM S-370, and emulates complete S-370's for
each user -- including permitting users to run code in supervisor state,
which lets them run channel control programs, which can do
mindbogglingly complex things... VM, last I heard, attempts to look at a
channel control program to figure out what it might do before it runs
it, though I heard there were bugs in the attempt to sniff them out when
the channel control programs were self-modifying. I saw an article about
a year and a half or two years ago, which concluded basically that VM is
pretty secure these days since anybody bright enough to decrypt the IBM
documentation will be having more fun and making more money playing with
UNIX -- security through obfuscation.

Bennett Todd
...{decvax,ihnp4,akgua}!mcnc!ecsvax!bet



More information about the Comp.unix.wizards mailing list