From: "Tor Rustad"
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Thu, 2 Aug 2001 21:23:12 +0200
Message-ID: <9Mha7.3184$e%4.96024@news3.oke.nextra.no>

"Martin Dowie" wrote in message
> I don't know. But I do know that MISRA (UK Motor Industry S/W
> Reliability Association) publish guidelines that indicate that
> Ada should be considered in preference to using C for safety
> critical systems. The report defines MISRA-C, a "safe" subset
> of C.

IIRC, MISRA-C explains in some detail how to use the language correctly.

As a security programmer I have multiple objectives, some of the important ones are

1. correct program
2. robust program
3. portable program
4. fast program

For each point, the importance and difficulty varies, depending on the project. However, to me it's really a minor problem to avoid bugs like buffer overflow and memory leaks using C. The hard part is to get the program correct & robust, no matter what the input is and sometimes no matter what the HW does.

Using a language with more built-in safety features would of course make this job easier, but primarily for less experienced programmers. You cannot simply use idiots to program critical systems, and which language to use isn't a simple pick. If a company's technical experts are expert C programmers, I guess the best solution is C.

Many times the technical challenge in designing and problem solving is greater than the programming task, that is at least true in security engineering.

What Microsoft has to do with robust SW, I don't know. For them, time-to-market and fast programs look to be more important objectives than what is usually mine. OTOH, Microsoft is doing pretty well (as a company), they can't be completely wrong. ;-)

Buffer overflow is a real problem with many current systems, and I really think more C programmers should use the OpenBSD strlcpy() and strlcat(), which are simpler to use correctly than their standard library friends.

-- 
Tor

"God does not play dice" -Albert Einstein
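
An added illustration of the strlcpy()/strlcat() point in the post above; this is not code from the post or from OpenBSD. The ex_* functions are local stand-ins written to the documented strlcpy()/strlcat() behaviour so the example builds on any libc, and all function names here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins with the documented strlcpy()/strlcat() semantics; ex_* names are hypothetical. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';              /* always terminated when size > 0 */
    }
    return srclen;                  /* length of the string it tried to create */
}

size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;
    while (dlen < size && dst[dlen] != '\0')
        dlen++;                     /* never scan past the buffer */
    if (dlen == size)
        return size + strlen(src);  /* dst unterminated: leave it alone */
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Build "<dir>/<file>" in out: 0 on success, -1 if the result was truncated. */
int join_path(char *out, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(out, dir, size) >= size ||
        ex_strlcat(out, "/", size) >= size ||
        ex_strlcat(out, file, size) >= size)
        return -1;                  /* return value >= size means truncation */
    return 0;
}

/* strncpy() pitfall: returns 0 when the copy left no NUL within size bytes. */
int strncpy_terminates(const char *src, size_t size)
{
    char buf[16];
    if (size > sizeof buf) size = sizeof buf;
    strncpy(buf, src, size);
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    char p[16];
    printf("%d %d\n", join_path(p, sizeof p, "/var/log", "messages"),
           strncpy_terminates("12345678", 8));
    return 0;
}
```

The size argument is always the full size of the destination, and one comparison of the return value against it catches truncation; strncpy() gives no such signal and can leave the buffer unterminated.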