comp.lang.ada
From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: Trusting GNAT for security software
Date: 1998/03/02
Message-ID: <1998Mar2.083324.1@eisner>
In-Reply-To: dewar.888807733@merv


In article <dewar.888807733@merv>, dewar@merv.cs.nyu.edu (Robert Dewar) writes:

> Actually here, operating in paranoid mode, you are ahead with GNAT, since,
> assuming you are using the commercial version of the product, you get it
> directly from the vendor, with no intervening distributors. Yes, it is
> possible that the public versions could be compromised, although I think
> it is more likely that would happen through an accident, than through
> design -- but one cannot imagine a paranoid security-conscious project
> using unsupported freeware of unknown provenance, can one???

Certainly from a security perspective, any factor which causes fuller
analysis and more attention to details is to be desired.

> Larry said

> <<Well just because GNAT is written to rely on GNAT-specific features,
> that doesn't mean your security software should be that way.  In fact,
> I would be quite suspicious of a security product delivered in source
> form allegedly for reasons of security if the instructions were that
> I had to use a particular compiler even though it was written in an
> internationally standardized language.
>>>
> 
> Surely you have not been dazzled into believing that because something
> is written in a standardized language, it is automatically portable!
> There are many legitimate implementation dependencies in almost all
> languages. It is actually very unusual for a large project to be
> 100% portable from one compiler to another without any changes of
> any kind at all -- not impossible, but most certainly unusual.

I would not expect to be able to use a different compiler with zero effort,
but for a security product to have been purposefully programmed to prevent
use of other compilers would raise a red flag.  On the other hand, that
might lead to more thorough analysis, which is good.

To me this is an entirely different issue than whether GNAT requires GNAT.

<relevant comments about not depending entirely on source snipped>

Larry Kilgallen



