Message-ID: <3D07A181.4E478A0E@san.rr.com>
From: Darren New
Newsgroups: comp.lang.ada
Subject: Re: Why write an Ada web browser ?, was: Re: GNAT Ada - DLL - MSVC
References: <3D062F7D.406B8709@sympatico.ca> <3D0761FF.38554417@sympatico.ca> <3D076F21.E0CB708E@san.rr.com> <3D0798DE.9F54B0D0@sympatico.ca>
Date: Wed, 12 Jun 2002 19:30:47 GMT

David Marceau wrote:
> > That's the point. The question is how Ada would make run-time plug-ins
> > safer, and the answer is that it wouldn't.
> I will attempt to clarify why I believe ada is safer for creating
> dynamic run-time plugins.

I think we're talking at cross purposes. Unless you're going to
reimplement *every* plug-in in Ada, the plug-ins you don't reimplement
will have the same security problems.

That is, sure, you can implement a Flash player or a RealVideo player in
Ada and perhaps fix some security bugs by doing so. But making your web
browser secure and still having it invoke RealVideo's player isn't going
to be any safer.

> Firstly there are two types of dynamic run-time plug-ins:
> 1)in-process(dll COM objects as Microsoft calls them)
> As you know they may be gui or non-gui plugins.
> If one instantiates an untrusted third party in-process plug-in,
> we can expose the original executing process to unwanted hacking
> since they share the same machine and user privileges as the original
> executing process.

I don't know of any way to change this on UNIX unless your web browser
is setuid to root, and that's just asking for trouble. That is, how does
one invoke a plug-in that is "safe" as a separate UNIX process, if you
don't start with root privs?

> The out-of-process plug-in doesn't necessarily have to run on the same
> machine as the original executing process.
> The out-of-process plug-in doesn't necessarily have to run with the
> same user privileges.

Well, yah, under Windows, it does. Especially under Windows 9x and
derivatives thereof.

> > That's the point. The question is how Ada would make run-time plug-ins
> > safer, and the answer is that it wouldn't.
> Ada by design makes safer executables than c/c++/java.

I'll grant you that's true of C and C++, but not Java.

> Thus it will
> make safer out-of-process plugins gui and non-gui ones.

Doesn't follow. Especially if your out-of-process plugins are not in
Ada.

I won't argue that rewriting all the network code in Ada would increase
security. I just don't think it's likely to happen any time soon, due to
non-technical reasons.

> In a web browser(ada compiled or not) you don't necessarily have to
> design it to invoke its plugins with the same user privileges.

I think the security of most common OSes would prevent you from doing
otherwise.

> That's what would make an ada-based browser with ada-based plug-in safer
> to run and use.
> If you don't agree with me then please clarify this or perhaps I will
> consider you as a comp.lang.ada flaming MicroSerf.

No, if you rewrite everything in Ada with the primary concern being to
prevent plug-ins from doing nasty things, you'll get better security.
Using existing plug-ins with an ada-based browser probably won't help
much. Rewriting all existing plug-ins when a majority of people use
single-user OSes to browse the web doesn't help.

-- 
Darren New
San Diego, CA, USA (PST). Cryptokeys on demand.
** http://home.san.rr.com/dnew/DNResume.html **
** http://images.fbrtech.com/dnew/ **
My brain needs a "back" button so I can
remember where I left my coffee mug.