Re: Ada 83 pretty printers

[kilgallen@eisner.decus.org (Larry Kilgallen)]

In article <pmVdOJAtmkz3Ew7W@avies.demon.co.uk>, Tony Vincent <tony@avies.demon.co.uk> writes:

> If GNAT could be built from source then it would be OK - the source
> could be checked and system calls investigated (not that they ever are).
> How would Gnat be built from source?  I guess you would need to compile
> GNAT source written in Ada'83 through DEC-Ada to produce the Gnat '95
> executables.

No, reports in this group are that you actually need to use GNAT
to build GNAT, but if your outfit would even consider building
software from source for security purposes I presume they have
a "scratch" machine.

Failing that, being the security conscious sort, I presume you
have lots of removable disks and you can install a scratch copy
of VMS to build using the possibly-tainted GNAT executable.

As a last resort, do what I do on Macintosh and dismount all the
"real" disks before running the unblessed software.  Macintosh
lacks an easy Mount command for non-removable disks, but to get
the same effect (security-wise) on VMS, you can demonstrate the
joys of turning on audits for the Mount operation (to prove that
the binary copy of GNAT you run to build from source does not have
any secret calls to the SYS$MOUNT system service).  Or point out
the security folks that Ken Thompson does not do Ada.

Larry Kilgallen