"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> Paul Koning wrote:
There is an "assign" syscall (which normally in RSTS means
"reserve this device for me even when it's not open") which binds
a ddcmp driver pseudo-device unit to a tty device unit number, via
a syscall parameter. So you could have, say, up to 8 ddcmp ports,
and those could be bound at runtime to any of your terminal ports.
Johnny> Way nice. In RSX, you need to reserve the whole controller at
Johnny> netgen, and no ports can be used by anything else than DECnet
Johnny> if you set it up. DECnet/RSX has its own device driver for
Johnny> the serial port cards.
For RSTS it's a connection from the regular terminal driver to the
DDCMP driver, which acts as a sort of coprocessor.
Linux has the same notion; it's called "line discipline" if I remember
right, and is nicely modular. That's where DDCMP would go if one were
to do it for Linux.
paul
Paul Koning wrote:
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> I wonder why you can't set it from NCP though? Weird if they
Johnny> have the functionality, but no "normal" way of enabling it.
>> Probably history. I created the async DDCMP driver when I was
>> doing the (unreleased) PRO port for RSTS (9.6 originally). I
>> handed it to RSTS development, and they integrated it into the
>> release. But I personally never did the NCP work. Probably
>> because it wasn't familiar code and it would have been a lot of
>> work. Instead, I just wrote a little 10 line utility to issue the
>> line on/off syscalls to the kernel.
Johnny> Way fun, and impressive. Thanks for that piece of information
Johnny> and history. I guess they didn't see much need of DDCMP
Johnny> support in RSTS/E at that point. How did you select which
Johnny> serial port it would use, by the way? Or was this only done
Johnny> for the PRO? Hmm, I guess it could have been passed in in
Johnny> the syscall...
There is an "assign" syscall (which normally in RSTS means "reserve
this device for me even when it's not open") which binds a ddcmp
driver pseudo-device unit to a tty device unit number, via a syscall
parameter. So you could have, say, up to 8 ddcmp ports, and those
could be bound at runtime to any of your terminal ports.
Way nice. In RSX, you need to reserve the whole controller at netgen, and no ports can be used by anything else than DECnet if you set it up. DECnet/RSX has its own device driver for the serial port cards.
Johnny
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> I wonder why you can't set it from NCP though? Weird if they
Johnny> have the functionality, but no "normal" way of enabling it.
Probably history. I created the async DDCMP driver when I was
doing the (unreleased) PRO port for RSTS (9.6 originally). I
handed it to RSTS development, and they integrated it into the
release. But I personally never did the NCP work. Probably
because it wasn't familiar code and it would have been a lot of
work. Instead, I just wrote a little 10 line utility to issue the
line on/off syscalls to the kernel.
Johnny> Way fun, and impressive. Thanks for that piece of information
Johnny> and history. I guess they didn't see much need of DDCMP
Johnny> support in RSTS/E at that point. How did you select which
Johnny> serial port it would use, by the way? Or was this only done
Johnny> for the PRO? Hmm, I guess it could have been passed in in
Johnny> the syscall...
There is an "assign" syscall (which normally in RSTS means "reserve
this device for me even when it's not open") which binds a ddcmp
driver pseudo-device unit to a tty device unit number, via a syscall
parameter. So you could have, say, up to 8 ddcmp ports, and those
could be bound at runtime to any of your terminal ports.
paul
Paul Koning wrote:
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> Paul Koning wrote:
>> RSTS does too (for sufficiently recent versions, like V10 or so)
>> -- though the NCP bits don't seem to be there. But there's a
>> driver and it can be told to turn on if you issue the DECnet
>> control syscalls directly.
Johnny> Aha. I think I looked at RSTS/E DECnet SPD only, and didn't
Johnny> find any mention of it, back when I was playing with that.
That would make sense given that the support isn't complete.
Aha. Yes, that would explain it. :-)
Johnny> I wonder why you can't set it from NCP though? Weird if they
Johnny> have the functionality, but no "normal" way of enabling it.
Probably history. I created the async DDCMP driver when I was doing
the (unreleased) PRO port for RSTS (9.6 originally). I handed it to
RSTS development, and they integrated it into the release. But I
personally never did the NCP work. Probably because it wasn't
familiar code and it would have been a lot of work. Instead, I just
wrote a little 10 line utility to issue the line on/off syscalls to
the kernel.
Way fun, and impressive. Thanks for that piece of information and history.
I guess they didn't see much need of DDCMP support in RSTS/E at that point. How did you select which serial port it would use, by the way? Or was this only done for the PRO?
Hmm, I guess it could have been passed in in the syscall...
>> On a Pro it even works in synchronous mode (because there the
>> "UART" is actually a USART).
Johnny> I don't think you can set it to synch mode in DECnet, though,
Johnny> so that is more of a theoretical thing. But yes, RSX
Johnny> supports both synch and asynch mode.
What I meant is that I did synch mode, including for DECnet, in RSTS.
Ok. I misunderstood you. While you can use the serial port for DDCMP DECnet under P/OS, I don't think you can set it to synch mode there.
Even though the hardware supports it.
But for code that you wrote, obviously you could take advantage of all the possibilities. :-)
Johnny
Johnny Billquist wrote:
But as far as security issues goes, there are probably a bunch of them on our different systems.
After all. Apart from VMS, we all now seem to have opersting systems that have been abandoned, as far as support goes. And incomplete sources... :-(
Well, I think that TOPS-20 sources are available and complete, but as far as I know, no PDP-11 OS with DECnet have all sources available.
(Boy, what wouldn't I do to get the RSX sources complete, including layered products... :-) )
Johnny
Sampsa Laine wrote:
i was gonna bring it up here but considering the reception I got on c.o.v. I couldn't be bothered...
I would hope the people around here are a bit more humble.
But as far as security issues goes, there are probably a bunch of them on our different systems.
I know of a couple under RSX atleast...
Johnny
Sampsa
On 22 Aug 2008, at 16:54, gerry77 at mail.com wrote:
I suppose you all have read about the VMS security bug that is being discussed
since about a week on comp.os.vms. Anyway, having read nothing about it here,
I thought useful to warn all the system administrators who read this mailing
list and which have VMS nodes with guest access on HECnet and/or Internet
about potential security treats to which their systems are exposed.
All VMS versions (VAX since V5.x, AXP and I64 since their beginning) are
exposed to a local exploit that allows any unprivileged user to gain almost
any privilege! The problem lies in SYS$SHARE:SMGSHR.EXE which is used for CLI
processing in many system utilites installed with high privileges (i.e.
INSTALL.EXE, SYSMAN.EXE, SHWCLSTR.EXE, etc.).
HP has just released mandatory patches for some versions while others, notably
all the VAX and older Alpha ones, are still exposed. Look for kits named like
VMSxxx_SMGRTL-V0100 in ftp://ftp.itrc.hp.com/openvms_patches
A partial solution for those systems for which there isn't a patch appears to
be an ACL to deny access to some utilities by non trusted users. The list that
follows contains the names of those images that I think most dangerous, but I
will be "happy" to add more names if you discover them:
AUTHORIZE.EXE
INSTALL.EXE
NCP.EXE
SHWCLSTR.EXE
SYSMAN.EXE
TCPIP$FTP_CLIENT.EXE (VAX)
TCPIP$TELNET.EXE (AXP)
TCPIP$UCP.EXE
Please note that I'm NOT sure about this, i.e. there may be a workaround for
this workaround which I haven't thought of.
G.
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> Paul Koning wrote:
RSTS does too (for sufficiently recent versions, like V10 or so)
-- though the NCP bits don't seem to be there. But there's a
driver and it can be told to turn on if you issue the DECnet
control syscalls directly.
Johnny> Aha. I think I looked at RSTS/E DECnet SPD only, and didn't
Johnny> find any mention of it, back when I was playing with that.
That would make sense given that the support isn't complete.
Johnny> I wonder why you can't set it from NCP though? Weird if they
Johnny> have the functionality, but no "normal" way of enabling it.
Probably history. I created the async DDCMP driver when I was doing
the (unreleased) PRO port for RSTS (9.6 originally). I handed it to
RSTS development, and they integrated it into the release. But I
personally never did the NCP work. Probably because it wasn't
familiar code and it would have been a lot of work. Instead, I just
wrote a little 10 line utility to issue the line on/off syscalls to
the kernel.
On a Pro it even works in synchronous mode (because there the
"UART" is actually a USART).
Johnny> I don't think you can set it to synch mode in DECnet, though,
Johnny> so that is more of a theoretical thing. But yes, RSX
Johnny> supports both synch and asynch mode.
What I meant is that I did synch mode, including for DECnet, in RSTS.
It successfully talked to a DMR (both in 4.0 mode and DMC mode -- I
remember digging up the details of the "DMC bugs" that DMC mode on the
later devices is meant to handle).
It was an interesting experience. The DDCMP spec is so well written
that you can simply implement what it says and it all works. That's
how it should be, but specs that good are unfortunately quite rare
(and essentially nonexistent in more recent times).
BTW, a DDCMP driver for Linux would be a pretty easy thing to do. I
started looking into it but didn't have the spare time to do the
actual coding.
paul
i was gonna bring it up here but considering the reception I got on c.o.v. I couldn't be bothered...
Sampsa
On 22 Aug 2008, at 16:54, gerry77 at mail.com wrote:
I suppose you all have read about the VMS security bug that is being discussed
since about a week on comp.os.vms. Anyway, having read nothing about it here,
I thought useful to warn all the system administrators who read this mailing
list and which have VMS nodes with guest access on HECnet and/or Internet
about potential security treats to which their systems are exposed.
All VMS versions (VAX since V5.x, AXP and I64 since their beginning) are
exposed to a local exploit that allows any unprivileged user to gain almost
any privilege! The problem lies in SYS$SHARE:SMGSHR.EXE which is used for CLI
processing in many system utilites installed with high privileges (i.e.
INSTALL.EXE, SYSMAN.EXE, SHWCLSTR.EXE, etc.).
HP has just released mandatory patches for some versions while others, notably
all the VAX and older Alpha ones, are still exposed. Look for kits named like
VMSxxx_SMGRTL-V0100 in ftp://ftp.itrc.hp.com/openvms_patches
A partial solution for those systems for which there isn't a patch appears to
be an ACL to deny access to some utilities by non trusted users. The list that
follows contains the names of those images that I think most dangerous, but I
will be "happy" to add more names if you discover them:
AUTHORIZE.EXE
INSTALL.EXE
NCP.EXE
SHWCLSTR.EXE
SYSMAN.EXE
TCPIP$FTP_CLIENT.EXE (VAX)
TCPIP$TELNET.EXE (AXP)
TCPIP$UCP.EXE
Please note that I'm NOT sure about this, i.e. there may be a workaround for
this workaround which I haven't thought of.
G.
Paul Koning wrote:
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> Hmm. As far as I know, HECnet have never made use of any
Johnny> homemade hardware. However, the first links I used, were over
Johnny> serial ports talking DDCMP, that I tunneled. I could still do
Johnny> that, if needed. It's even simpler than bridging
Johnny> ethernet. The only "problem" is that asynch serial DECnet
Johnny> don't go any faster than 9600 bps. Atleast under RSX.
Johnny> Another problem is that as far as I can tell, only RSX and
Johnny> VMS supports that.
RSTS does too (for sufficiently recent versions, like V10 or so) --
though the NCP bits don't seem to be there. But there's a driver and
it can be told to turn on if you issue the DECnet control syscalls
directly.
Aha. I think I looked at RSTS/E DECnet SPD only, and didn't find any mention of it, back when I was playing with that.
Or perhaps I got the information from somewhere else. Can't remember for certain right now.
I wonder why you can't set it from NCP though? Weird if they have the functionality, but no "normal" way of enabling it.
On a Pro it even works in synchronous mode (because there the "UART"
is actually a USART).
I don't think you can set it to synch mode in DECnet, though, so that is more of a theoretical thing.
But yes, RSX supports both synch and asynch mode.
Johnny
"Johnny" == Johnny Billquist <bqt at softjar.se> writes:
Johnny> Hmm. As far as I know, HECnet have never made use of any
Johnny> homemade hardware. However, the first links I used, were over
Johnny> serial ports talking DDCMP, that I tunneled. I could still do
Johnny> that, if needed. It's even simpler than bridging
Johnny> ethernet. The only "problem" is that asynch serial DECnet
Johnny> don't go any faster than 9600 bps. Atleast under RSX.
Johnny> Another problem is that as far as I can tell, only RSX and
Johnny> VMS supports that.
RSTS does too (for sufficiently recent versions, like V10 or so) --
though the NCP bits don't seem to be there. But there's a driver and
it can be told to turn on if you issue the DECnet control syscalls
directly.
On a Pro it even works in synchronous mode (because there the "UART"
is actually a USART).
paul
