From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: Trusting GNAT for security software
Date: 1998/03/02
Message-ID: <1998Mar2.080639.1@eisner>#1/1
References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> <6d67j5$474$1@news.nyu.edu> <34F9444D.D2F588@cl.cam.ac.uk> <1998Mar1.142220.1@eisner>
Reply-To: Kilgallen@eisner.decus.org.nospam
Organization: LJK Software
Newsgroups: comp.lang.ada

In article , Andi Kleen writes:

> Another funny thing. Most newer Intel chips (PPro+) are rumoured to have
> loadable Microcode [SCO apparently once released an OS update that fixed
> microcode bugs]. Now you could patch the microcode to detect some known
> codes...

That was a feature of the better VAXes for years. Now with Alpha, there is PALcode which provides the same capability in a bit more chip-independent fashion.

It turns out you cannot intercept arbitrary (implemented) instructions, but you can certainly get all the calls to privileged OS features, which is quite enough to be concerned about for security purposes.

So GNAT (or any other compiler) is just one in a long list of possible security risks, and the primary malice risk is probably the operators you hire for your own site rather than the compiler writers who likely do not know (or care) that your project is using their compiler.

Larry Kilgallen