From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,5a942ffa7efa9386,start
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 1995-03-06 17:02:37 PST
Path: 
 bga.com!news.sprintlink.net!howland.reston.ans.net!paladin.american.edu!auvm!J64.STRATCOM.AF.MIL!BennettC
Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
Newsgroups: comp.lang.ada
Encoding: 17 TEXT
X-Mailer: Microsoft Mail V3.0
Message-ID: <2F5B780E@SMTPGATE2.STRATCOM.AF.MIL>
Date: Mon, 6 Mar 1995 13:01:00 PST
Sender: Ada programming language <INFO-ADA@VM1.NODAK.EDU>
From: "Bennett, Chip (KTR) ~U" <BennettC@J64.STRATCOM.AF.MIL>
Subject: Should internet support software be written in Ada?
Date: 1995-03-06T13:01:00-08:00
List-Id: <comp.lang.ada>

I just read an interesting article in Federal Computer Week.  The article,
titled "Energy group uncovers hole in Web software" is rather old (Feb 20),
so if this ground has already been covered, I apologize for rehashing it.

The article points out that the NCSA's httpd version 1.3 has a flaw where a
hacker might be able to overflow internal buffers and gain root access.

Point 1:  Didn't we already go through this several years back with a UNIX
mail server that had a similar problem?  Any history buffs remember that
one?

Point 2:  I going to make a huge leap here and assume that httpd is written
in C.  I'd bet that if the software had been written in a constraint
checking language like Ada, the problem would not have occurred.  Comments?

Chip Bennett