From: Chris Torek
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: 1 Aug 2001 11:40:40 -0700
Organization: None of The Above
Sender: torek@bsdi.com
Message-ID: <9k9if8$rn3$1@elf.eng.bsdi.com>
References: <5ee5b646.0108010949.5abab7fe@posting.google.com> <%CX97.14134$ar1.47393@www.newsranger.com>

In article <%CX97.14134$ar1.47393@www.newsranger.com>
Ted Dennison writes:
>Raj pretty much had the right of it. Exploitable buffer overflows are
>a known *class* of bugs that are pretty much endemic with C (and C++
>that uses C) code.

And other languages that offer interfaces to existing C (and C++)
libraries, for instance.

>On the other hand, you actually have to go fairly far out of your way
>to get an exploitable buffer overflow out of Ada code. ... [ref to
>site with ways to exploit Windows bugs elided]

Ultimately, this boils down to an indisputable fact: people are
exploiting buffer overflows that exist because poorly written C
code is popular.

But this practically begs for a new question: if poorly-written Ada
(or any other language) were popular instead, would that mean there
would be *no* exploitable bugs? Or would the exploitable bugs take
some other form entirely?

Perhaps, if the world were different, someone would be posting to
comp.lang.ada an article saying: "If only Zerble were the popular
language, these bugs would not be resulting in all these worms and
viruses." :-)

(Over here in comp.lang.c, I just try to convince people that
writing exploitable bugs is a bad idea.)
-- 
In-Real-Life: Chris Torek, Wind River Systems (BSD engineering)
El Cerrito, CA, USA Domain: torek@bsdi.com +1 510 234 3167
http://claw.eng.bsdi.com/torek/ (not always up) I report spam to abuse@.