From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,bc1361a952ec75ca
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2001-08-11 07:10:11 PST
Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!novia!novia!netnews.com!newshub2.rdc1.sfba.home.com!news.home.com!news1.rdc2.on.home.com.POSTED!not-for-mail
Message-ID: <3B753CCC.21C9B314@home.com>
From: "Warren W. Gay VE3WWG"
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: How Ada could have prevented the Red Code distributed denial of
References: <9kpo9r$415@augusta.math.psu.edu> <5drpk9.l0e.ln@10.0.0.2> <9krhd2$6po@augusta.math.psu.edu> <3B7225A1.DC95C8A6@home.com> <3B73378B.EF7E2C10@home.com> <3B73FEA5.D4B46E89@home.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Sat, 11 Aug 2001 14:10:10 GMT
NNTP-Posting-Host: 24.141.193.224
X-Complaints-To: abuse@home.net
X-Trace: news1.rdc2.on.home.com 997539010 24.141.193.224 (Sat, 11 Aug 2001 07:10:10 PDT)
NNTP-Posting-Date: Sat, 11 Aug 2001 07:10:10 PDT
Organization: Excite@Home - The Leader in Broadband http://home.com/faster
Xref: archiver1.google.com comp.lang.ada:11790
Date: 2001-08-11T14:10:10+00:00
List-Id:

David Starner wrote:
> "Warren W. Gay VE3WWG" wrote in message
> news:3B73FEA5.D4B46E89@home.com...
> > In this vein, I'd love to see sendmail and bind/named done in
> > Ada. That would not solve all of the security issues, but at
> > least would eliminate most, if not all of the code exploit
> > issues.
>
> I'd be more inclined to trust something battle-tested than something new,
> even if the new program was written in Ada. For a lot of the stuff, Ada
> would just turn a remote exploit into DOS (program failure by uncaught
> exception), which is an improvement, but it's still a bug and a problem.

My concern, David, is that for every bug fixed in the C/C++ versions
of these servers, how many more of the same are still unnoticed, and
yet to be exploited.

I agree that a new untested version of the same servers would bring
out new problems initially. But it wasn't that long ago that Bind 8
just came out, which IIRC, was "rewritten" anyway.

My point is that rewrites would have/will be - better in Ada. The
current state of the art seems to be to "battle-harden" the C/C++
exploits, for the most part. A newly written server done in Ada,
would ramp up in security quickly, and all of us could then focus
on a smaller subset of the remaining issues, IMHO.

--
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg