From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,8623fab5750cd6aa
X-Google-Attributes: gid103376,public
Path: 
 g2news1.google.com!news1.google.com!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!cyclone1.gnilink.net!spamkiller2.gnilink.net!gnilink.net!nwrdny01.gnilink.net.POSTED!0e8a908a!not-for-mail
From: Hyman Rosen <hyrosen@mail.com>
User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Improving Ada's image - Was: 7E7 Flight Controls Electronics
References: <40b9c99e$0$268$edfadb0f@dread16.news.tele.dk>
 <ubrk5lwoo.fsf@obry.org>
 <pan.2004.05.30.18.03.35.769965@n_o_p_o_r_k_a_n_d_h_a_m.abyss2.demon.co.uk>
 <40ba315a$0$254$edfadb0f@dread16.news.tele.dk>
 <oLwuc.17575$be.14510@newsread2.news.pas.earthlink.net>
 <04udnR-eHNChzSbdRVn-vw@gbronline.com>
 <vfSuc.8469$hB2.7817@nwrdny03.gnilink.net>
 <7J0xc.7371$8k4.269106@news20.bellglobal.com>
 <1086630278.542788@master.nyc.kbcfp.com>
 <8xlxc.27603$sS2.845496@news20.bellglobal.com>
 <1086715817.122983@master.nyc.kbcfp.com>
 <Sspxc.21282$8k4.550716@news20.bellglobal.com>
 <1086733411.736049@master.nyc.kbcfp.com>
 <3Auxc.11998$XY6.1296622@read2.cgocable.net>
 <Ygyxc.21522$QT3.4694@nwrdny01.gnilink.net> <40C85035.4020706@noplace.com>
 <qShyc.51846$8k4.1132952@news20.bellglobal.com>
In-Reply-To: <qShyc.51846$8k4.1132952@news20.bellglobal.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <Akmyc.11948$wi2.7228@nwrdny01.gnilink.net>
Date: Fri, 11 Jun 2004 17:53:36 GMT
NNTP-Posting-Host: 68.160.201.113
X-Complaints-To: abuse@verizon.net
X-Trace: nwrdny01.gnilink.net 1086976416 68.160.201.113 (Fri,
 11 Jun 2004 13:53:36 EDT)
NNTP-Posting-Date: Fri, 11 Jun 2004 13:53:36 EDT
Xref: g2news1.google.com comp.lang.ada:1399
Date: 2004-06-11T17:53:36+00:00
List-Id: <comp.lang.ada>

Warren W. Gay VE3WWG wrote:
> You missed another good reason: c) improved security. Any daemon or process
> that interfaces with the wild wooly world out there, should be very
> secure (perfectly secure if theoretically possible). I think Ada can
> add some real value in this particular area, to the many "services"
> currently written in C/C++.

Check out this paper, back from 1995, on the security issues of BIND.
<http://www.usenix.org/publications/library/proceedings/security95/full_papers/vixie.txt>

You will notice that most of the problems mentioned have to do with
attacks against the protocol, by forming messages in various unexpected
ways, by spoofing fields, and by mucking about with connections. Using
a language like Ada (or Java, for that matter) will certainly protect
against buffer overflows, but not against the logical errors described.

That's why it would be really interesting to see an Ada version of BIND.