From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID,
	MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,32a9c4641bed19de
X-Google-Attributes: gid103376,public
From: Robert Dewar <robert_dewar@my-deja.com>
Subject: Re: FY Ammo: Study about Security Bugs
Date: 1999/11/25
Message-ID: <81k5oi$44k$1@nnrp1.deja.com>#1/1
X-Deja-AN: 552974639
References: <slrn83qb10.kn.lutz@taranis.iks-jena.de>
 <m366yqk69o.fsf@kiuk0156.chembio.ntnu.no>
X-Http-Proxy: 1.0 x34.deja.com:80 (Squid/1.1.22) for client 205.232.38.14
Organization: Deja.com - Before you buy.
X-Article-Creation-Date: Thu Nov 25 20:21:40 1999 GMT
X-MyDeja-Info: XMYDJUIDrobert_dewar
Newsgroups: comp.lang.ada
X-Http-User-Agent: Mozilla/4.04 [en] (OS/2; I)
Date: 1999-11-25T00:00:00+00:00
List-Id: <comp.lang.ada>

In article <m366yqk69o.fsf@kiuk0156.chembio.ntnu.no>,
  Preben Randhol <randhol@pvv.org> wrote:
> I know C and C++ programs can be, if not coded
> properly, but I would think Ada 95 programs wasn't (unless one
> are
> perhaps interfacing towards C?). If somebody could shed some
> light on
> this, it would be great.


That's right, Ada 95 programs are FAR less susecptible to the
buffer overflow problem (not impregnable, bad coding can achieve
any desired goal, and for example, an Ada program interfacing
directly to memcpy is at risk).

There are two reasons for this

1. If checks are on, out of range subscripts will be caught
by exceptions.

2. Even if checks are off, the kind of low level programming
approaches used in C (memcpy for example) are typically not used
in Ada, so it is far less likely that Ada code would be
susceptible to such attacks.


Sent via Deja.com http://www.deja.com/
Before you buy.