comp.lang.ada
From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: GNAT 3.14p and Red Hat 7.2
Date: Thu, 28 Mar 2002 21:34:53 +0100
Date: 2002-03-28T20:34:09+00:00
Message-ID: <87sn6kjus2.fsf@deneb.enyo.de>
In-Reply-To: a7veu6$mom$1@a1-hrz.uni-duisburg.de

Georg Bauhaus <sb463ba@l1-hrz.uni-duisburg.de> writes:

> I recall a discussion of OS security in the Minix book
> by Tanenbaum, where he points out that you should not believe
> in security because your system manual tells you some part
> of the system has been secured. On the contrary, the mechanism
> should be open to cracking attempts, to be tested.

Did Tanenbaum really write that?  What a strange way to think about
security!

We haven't got just manuals, we have also got source code.  Looking at
the source code is far more efficient than random black box testing
without vendor support.  I'm surprised how many vulnerabilities are
uncovered by more or less systematic black box testing, but such
testing can only show the presence of bugs, not their absence.

> Improved security due to the removal of one possible hole?

Yes, of course, and it's not a "possible hole", it's a typical /tmp
race condition.

> Let me argue in favour of documenting possible holes. 

This particular problem has been documented over and over again. In
fact, it is one of the most well-known security problems in
UNIX-centered code.

> If program writers learn to pay attention to the outcome
> of the compilation process, and they must, once they know
> even an Ada program doesn't just use RM virtuality,
> they will care about what OS facilities operate behind the
> scenes.

Well, I *do* care, that's why I complain about the problem!  But your
advice not to fix such problems and just document them is entirely
incomprehensible to me.
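The /tmp race condition Florian refers to is the classic pattern of creating a file at a predictable name under a world-writable directory without excluding a file that already exists there. The following is an added illustration, not part of this post and not GNAT's own code, showing the race-prone open beside the hardened form (O_CREAT|O_EXCL|O_NOFOLLOW, or mkstemp) and a post-open fstat check that a defender can use to confirm the descriptor really refers to a fresh private regular file. It assumes a POSIX system with a writable /tmp; the path template is a constructed example name.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Race-prone pattern: O_CREAT without O_EXCL silently follows whatever
 * already sits at `path` (a pre-placed file or symlink), so the program
 * may truncate and write a file it did not create. Shown only to
 * contrast with the safe variant below. */
int unsafe_open_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened fixed-name variant: O_EXCL makes the create atomic and fails
 * with EEXIST if anything is already there; O_NOFOLLOW refuses to follow
 * a symlink at the final path component. Returns the fd or -1. */
int safe_open_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred variant: let the libc pick an unpredictable name and create
 * it atomically with mode 0600. `template` must end in "XXXXXX" and is
 * rewritten in place with the chosen name. Returns the fd or -1. */
int safe_open_unique(char *template)
{
    return mkstemp(template);
}

/* Post-open sanity check on the descriptor itself (not on the path,
 * which could be swapped after the fact): regular file, a single hard
 * link, owned by the effective uid, and not group/world accessible.
 * Returns 1 when all checks pass, 0 otherwise. */
int verify_private_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_nlink != 1)
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if ((st.st_mode & 077) != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed example template; mkstemp replaces the XXXXXX suffix. */
    char name[] = "/tmp/gnat-race-demo-XXXXXX";
    int fd = safe_open_unique(name);
    if (fd < 0) {
        perror("mkstemp");
        return 1;
    }
    printf("created %s, private=%d\n", name, verify_private_file(fd));

    /* A second exclusive create at the same name must fail with EEXIST:
     * this is exactly the case the O_CREAT-only pattern would miss. */
    int again = safe_open_tmp(name);
    printf("second O_EXCL open: %d (errno %s)\n", again,
           again < 0 ? strerror(errno) : "none");

    close(fd);
    unlink(name);
    return 0;
}
```

The fixed-name form is still only as good as the directory it lives in: if an attacker can create the name first, the open fails and the program must treat that as an error rather than retrying with a weaker flag set. mkstemp avoids the predictable name altogether, which is why it is the usual replacement.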




Thread overview: 17+ messages
2002-03-24 23:20 GNAT 3.14p and Red Hat 7.2 Ken Nelson
2002-03-25 15:22 ` Mark Johnson
2002-03-26  2:12   ` Ken Nelson
2002-03-26 14:56     ` Mark Johnson
2002-03-26 19:52       ` Florian Weimer
2002-03-26 17:21     ` Stephen Leake
2002-03-26 19:53       ` Florian Weimer
2002-03-27 10:49         ` David C. Hoos, Sr.
2002-03-27 11:55           ` Florian Weimer
2002-03-28 16:04             ` Georg Bauhaus
2002-03-28 20:34               ` Florian Weimer [this message]
2002-03-29 16:02                 ` Georg Bauhaus
2002-03-30 16:18                   ` Georg Bauhaus
2002-03-30 19:17                     ` Florian Weimer
2002-03-30 21:22                       ` David C. Hoos, Sr.
2002-03-30 23:14                         ` Florian Weimer
2002-03-26 10:06 ` Dr. Michael Paus