From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,da46977c58c329df
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-02-06 06:59:52 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed1.earthlink.net!newsfeed.earthlink.net!newsmaster1.prod.itd.earthlink.net!newsread1.prod.itd.earthlink.net.POSTED!not-for-mail
Message-ID: <3C6144E7.4010801@earthlink.net>
From: "Ian S. Nelson" <nelsonis@earthlink.net>
Reply-To: nelsonis@earthlink.net.NOSPAM
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011221
X-Accept-Language: en-us
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Ada's Slide To Oblivion ...
References: <b84db440.0201301508.1e3ea4b6@posting.google.com>
    <a3a19n$db9$1@nh.pace.co.uk>
    <4519e058.0201310714.650888e1@posting.google.com>
    <3C598CAA.7040801@home.com> <3C59FCD3.928144FB@adaworks.com>
 <a3eikr$tfo$1@news.btv.ibm.com> <a3q69h$18m3um$1@ID-25716.news.dfncis.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 06 Feb 2002 14:59:52 GMT
NNTP-Posting-Host: 66.1.228.145
X-Complaints-To: abuse@earthlink.net
X-Trace: newsread1.prod.itd.earthlink.net 1013007592 66.1.228.145 (Wed,
 06 Feb 2002 06:59:52 PST)
NNTP-Posting-Date: Wed, 06 Feb 2002 06:59:52 PST
Organization: EarthLink Inc. -- http://www.EarthLink.net
X-Received-Date: Wed,
 06 Feb 2002 06:59:52 PST (newsmaster1.prod.itd.earthlink.net)
Xref: archiver1.google.com comp.lang.ada:19668
Date: 2002-02-06T14:59:52+00:00
List-Id: <comp.lang.ada>

Nick Roberts wrote:

> "Dale Pontius" <pontius@btv.MBI.com.invalid> wrote in message
> news:a3eikr$tfo$1@news.btv.ibm.com...
> 
> 
>>By today's common programming practices, we have a situation
>>where the simplest/easiest way of programming string input gives
>>buffer overflows, and there for security holes. In C, that is.
>>Don't know about C++, but at least in Ada, the simplest/easiest
>>way of programming string input at worst would give a DOS
>>problem as the program crashed, and it wouldn't be much harder
>>to catch the exception and stop that.

> Both C and C++ are fundamentally insecure languages, because they require a
> 'flat' address space, with no differentiation between the executable
> (read-only) and variable (read-write) parts. This completely subverts the
> security mechanisms (e.g. segments with access controls) most modern
> processor architectures support and could otherwise fully deploy. Buffer
> overrun exploits are but one manifestation of this problem.
 

This is flat out wrong.