From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,da46977c58c329df X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-02-05 23:32:17 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!news.net.uni-c.dk!uninett.no!dax.net!juliett.dax.net!not-for-mail Newsgroups: comp.lang.ada Subject: Re: Ada's Slide To Oblivion ... References: <4519e058.0201310714.650888e1@posting.google.com> <3C598CAA.7040801@home.com> <3C59FCD3.928144FB@adaworks.com> From: Ole-Hjalmar Kristensen Message-ID: <7v8za79id0.fsf@vlinux.voxelvision.no> User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 06 Feb 2002 07:31:45 GMT NNTP-Posting-Host: 193.216.12.150 X-Complaints-To: abuse@tele2.no X-Trace: juliett.dax.net 1012980705 193.216.12.150 (Wed, 06 Feb 2002 08:31:45 MET) NNTP-Posting-Date: Wed, 06 Feb 2002 08:31:45 MET Organization: Tele2 Norway AS Public Access Xref: archiver1.google.com comp.lang.ada:19659 Date: 2002-02-06T07:31:45+00:00 List-Id: "Nick Roberts" writes: > "Dale Pontius" wrote in message > news:a3eikr$tfo$1@news.btv.ibm.com... > > > By today's common programming practices, we have a situation > > where the simplest/easiest way of programming string input gives > > buffer overflows, and there for security holes. In C, that is. > > Don't know about C++, but at least in Ada, the simplest/easiest > > way of programming string input at worst would give a DOS > > problem as the program crashed, and it wouldn't be much harder > > to catch the exception and stop that. > > To my mind, it seems more appropriate that DoS (Denial of Service) attack > prevention should be undertaken primarily by the IP router module, not by > TCP (or UDP) service applications. The TCP module, and its service > applications, could help by reporting suspicious activity to the IP router > (which should provide an interface to facilitate this). > > Both C and C++ are fundamentally insecure languages, because they require a > 'flat' address space, with no differentiation between the executable > (read-only) and variable (read-write) parts. This completely subverts the Where do you get this wild idea from? There is nothing in the language definition which demands this. At least on UN*X, the executable part is normally put in a read-only segment. But this is not an attribute of the language, but of the hardware, OS, and the linker/loader. Ole-Hj. Kristensen