From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: Trusting GNAT for security software
Date: 1998/03/02
Message-ID: <1998Mar2.083324.1@eisner>#1/1
References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> <6d67j5$474$1@news.nyu.edu> <34F9444D.D2F588@cl.cam.ac.uk> <1998Mar1.142220.1@eisner>
Organization: LJK Software
Reply-To: Kilgallen@eisner.decus.org.nospam
Newsgroups: comp.lang.ada

In article , dewar@merv.cs.nyu.edu (Robert Dewar) writes:

> Actually here, operating in paranoid mode, you are ahead with GNAT, since,
> assuming you are using the commercial version of the product, you get it
> directly from the vendor, with no intervening distributors. Yes, it is
> possible that the public versions could be compromised, although I think
> it is more likely that would happen through an accident, than through
> design -- but one cannot imagine a paranoid security-conscious project
> using unsupported freeware of unknown provenance, can one???

Certainly from a security perspective, any factor which causes fuller
analysis and more attention to details is to be desired.

> Larry said
>
> < that doesn't mean your security software should be that way. In fact,
> I would be quite suspicious of a security product delivered in source
> form allegedly for reasons of security if the instructions were that
> I had to use a particular compiler even though it was written in an
> internationally standardized language. >>>
>
> Surely you have not been dazzled into believing that because something
> is written in a standardized language, it is automatically portable!
> There are many legitimate implementation dependencies in almost all
> languages. It is actually very unusual for a large project to be
> 100% portable from one compiler to another without any changes of
> any kind at all -- not impossible, but most certainly unusual.

I would not expect to be able to use a different compiler with zero
effort, but for a security product to have been purposefully programmed
to prevent use of other compilers would raise a red flag. On the other
hand, that might lead to more thorough analysis, which is good.

To me this is an entirely different issue than whether GNAT requires GNAT.

Larry Kilgallen