From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,bc1361a952ec75ca
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2001-08-11 07:27:17 PST
Path: 
 archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!pln-w!extra.newsguy.com!lotsanews.com!newshub2.rdc1.sfba.home.com!news.home.com!news1.rdc2.on.home.com.POSTED!not-for-mail
Message-ID: <3B7540CF.70CBD2B3@home.com>
From: "Warren W. Gay VE3WWG" <ve3wwg@home.com>
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: How Ada could have prevented the Red Code distributed denial of
References: <bebbba07.0107292308.d1192fc@posting.google.com>
 <t0kok9.1p4.ln@10.0.0.2> <9kpo9r$415@augusta.math.psu.edu>
 <5drpk9.l0e.ln@10.0.0.2> <9krhd2$6po@augusta.math.psu.edu>
 <ldbsk9.1gl.ln@10.0.0.2> <3B7225A1.DC95C8A6@home.com>
 <fjouk9.2ua.ln@10.0.0.2> <3B73378B.EF7E2C10@home.com>
 <zgSc7.5190$NJ6.24211@www.newsranger.com> <3B73FEA5.D4B46E89@home.com>
 <tn9frkh2mlai1c@corp.supernews.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Sat, 11 Aug 2001 14:27:17 GMT
NNTP-Posting-Host: 24.141.193.224
X-Complaints-To: abuse@home.net
X-Trace: news1.rdc2.on.home.com 997540037 24.141.193.224 (Sat,
 11 Aug 2001 07:27:17 PDT)
NNTP-Posting-Date: Sat, 11 Aug 2001 07:27:17 PDT
Organization: Excite@Home - The Leader in Broadband http://home.com/faster
Xref: archiver1.google.com comp.lang.ada:11791
Date: 2001-08-11T14:27:17+00:00
List-Id: <comp.lang.ada>

I just re-read what you wrote, and realized I misunderstood
the thrust of what you said.. so I'll re-reply, since I can't
retract the prior post.

David Starner wrote:
> 
> "Warren W. Gay VE3WWG" <ve3wwg@home.com> wrote in message
> news:3B73FEA5.D4B46E89@home.com...
> > In this vein, I'd love to see sendmail and bind/named done in
> > Ada.  That would not solve all of the security issues, but at
> > least would eliminate most, if not all of the code exploit
> > issues.
> 
> I'd be more inclined to trust something battle-tested than something new,
> even if the new program was written in Ada. For a lot of the stuff, Ada
> would just turn a remote exploit into DOS (program failure by uncaught
> exception), which is an improvement, but it's still a bug and a problem.

This indeed is an _improvement_, while a "bug and a problem". However,
I would much prefer this mode of operation, because this means that
the problem will get more immediate attention for a _fix_.

To some extent, the same DOS aspects apply to C/C++ code (aborts). 
Where there is no "signal", it either "corrupts", "ignores" or runs
"exploit code". But raising exceptions in Ada will hopefully provide 
notice before your system is exploited.

That is my primary reason for wishing.
-- 
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg