Re: Upcoming time boundary events

On 2025-06-05, Lawrence D'Oliveiro <ldo@nz.invalid> wrote:

On Thu, 05 Jun 2025 10:44:51 +0200, Marc Van Dyck wrote:
>

Lawrence D'Oliveiro laid this down on his screen :

>
Basic security should be built into the core OS installation, not added
as an afterthought -- and an extra-cost one at that.

 
There are already many security features available in OpenVMS. More than
what many people need. There must be a trade-off. Building more stuff
into the OS means that more customers pay for features they don't need.

>
Look at what comes standard in the Linux kernel: cgroups, namespaces,
containers, virtualization, SELinux, AppArmor, the whole pluggable LSM
mechanism, seccomp, netfilter, EBPF ... and that?s just off the top of my
head.
>

It also has ASLR, KASLR, shells that don't have access to privileges
outside of the privileges the user has, and encrypted filesystems.
It also has secure password hashing algorithms and a central source
of entropy, both of which have only recently been added to x86-64 VMS
(but not added to the other VMS architectures).

On a non-security level, it also has support for filesystems in user
space, and pluggable kernel mode filesystems (which can be unloaded
again without needing a reboot).

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.