Read more
- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - OpenVMS
- >
- OpenVMS / Buffer Overflow
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
OpenVMS / Buffer Overflow
SOLVED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2006 06:16 PM
03-17-2006 06:16 PM
One of my customers sent me this question:
In UNIX systems there are a known problem (Buffer Overflow) which is any one can access the system with username ROOT by typing extra letters or commands after root while issuing the username so he can login to the system without password (Buffer Overflow).
So he wants to know if this problem exist in OpenVMS (The secure operating system)
Its urgent for this customer.
Regards
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2006 07:25 PM
03-17-2006 07:25 PM
Re: OpenVMS / Buffer Overflow
Re: OpenVMS / Buffer Overflow
the short answer: NO that does not exist.
If you still do need a longer answer, which would include the technical explanation WHY that CANNOT exist in VMS, then please tell us tou want that as well.
hth.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2006 07:47 PM
03-17-2006 07:47 PM
Re: OpenVMS / Buffer Overflow
Re: OpenVMS / Buffer Overflow
Thanks for quick answer, and if possible let me know the long answer, Because my customer want details about this issue.
Best Regards
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2006 09:15 PM
03-17-2006 09:15 PM
Solutionsince you specifically mention the comparison with Unix, I looked up a discussion about that.
You can find the whole discussion on
http://groups.google.com/group/comp.os.vms/browse_frm/thread/e966d70b45d82085/69223e108e9909ad?q=keith+cayemberg+%26+design&rnum=1#69223e108e9909ad
but I took out the relevant part and appended that.
You will note that this particular text is written by an _IBM_ engeneer, so it should be considered to carry some more weight than if it were by "just another VMS" proponent.
(Keith: I know you will not grudge me quoting you. Thanks anyway)
hth.
Proost.
Have one on me.
jpe
Proost.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-18-2006 01:30 AM
03-18-2006 01:30 AM
Re: OpenVMS / Buffer Overflow
Re: OpenVMS / Buffer Overflow
>>> In UNIX systems there are a known problem (Buffer Overflow) which is any one can access the system with username ROOT by typing extra letters or commands after root while issuing the username so he can login to the system without password (Buffer Overflow).
I seriously question that statement.
It looks like someone heard some security things some where at some times and pasted them all together into an English sounding sentence, but it is total nonsense IMHO.
I urge you to validate the statement before going on a wild goose chase.
I do not believe for one moment that there is a sinlge, more or less up to date, Unix implementation where you can still become root by just typing a bad username.
- Sure this may have happened to _some_ Unix at _some_ point in the past ( more than 10 year back?)
- not all Unixes are created equal(ly bad).
- Sure, buffer overflow can and have happened in Unix implementations leading to security risks... But even more so on Windows and also on VMS but much less so (and then notably in the Unixy components like web and tcp tools :-)
- Those Overflow problems tend to be MUCH more contrived than just typing in a funky username.
I'm with Jan that such problems are much less likely to happen under VMS due to the codign pratices deployed by VMS engineering, and application engineers alike:
- string descriptors
- multiple security levels
- extensive runtime library packages
- object protection (acl)
- open-nes: no "security though obscurity"
- QIO/RMS IO buffers layers
Good luck!
Hein.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP