Re: Trusting GNAT for security software

[kilgallen@eisner.decus.org (Larry Kilgallen)]

In article <m3btvp1zo2.fsf@fred.muc.de>, Andi Kleen <ak@muc.de> writes:

> Another funny thing. Most newer Intel chips (PPro+) are rumoured to have
> loadable Microcode [SCO apparently once released a OS update that fixed
> microcode bugs]. Now you could patch the microcode to detect some known
> codes...

That was a feature of the better VAXes for years.

Now with Alpha, there is PALcode which provides the same capability
in a bit more chip-independent fashion.  It turns out you cannot
intercept arbitary (implemented) instructions, but you can certainly
get all the calls to privileged OS features, which is quite enough to 
be concerned about for security purposes.

So GNAT (or any other compiler) is just one in a long list of possible
security risks, and the primary malice risk is probably the operators
you hire for your own site rather than the compiler writers who likely
do not know (or care) that your project is using their compiler.

Larry Kilgallen