From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,8623fab5750cd6aa X-Google-Attributes: gid103376,public Path: g2news1.google.com!news2.google.com!news1.google.com!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!cyclone1.gnilink.net!gnilink.net!wns13feed!worldnet.att.net!207.35.177.252!nf3.bellglobal.com!nf1.bellglobal.com!nf2.bellglobal.com!news20.bellglobal.com.POSTED!not-for-mail From: "Warren W. Gay VE3WWG" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Improving Ada's image - Was: 7E7 Flight Controls Electronics References: <40b9c99e$0$268$edfadb0f@dread16.news.tele.dk> <40ba315a$0$254$edfadb0f@dread16.news.tele.dk> <04udnR-eHNChzSbdRVn-vw@gbronline.com> <7J0xc.7371$8k4.269106@news20.bellglobal.com> <1086630278.542788@master.nyc.kbcfp.com> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Message-ID: Date: Mon, 14 Jun 2004 12:16:37 -0400 NNTP-Posting-Host: 198.96.223.163 X-Complaints-To: abuse@sympatico.ca X-Trace: news20.bellglobal.com 1087229795 198.96.223.163 (Mon, 14 Jun 2004 12:16:35 EDT) NNTP-Posting-Date: Mon, 14 Jun 2004 12:16:35 EDT Organization: Bell Sympatico Xref: g2news1.google.com comp.lang.ada:1472 Date: 2004-06-14T12:16:37-04:00 List-Id: Russ wrote: > "Richard Riehle" wrote in message news:... >>"Hyman Rosen" wrote in message >>news:1086630278.542788@master.nyc.kbcfp.com... ... >>On the other hand, one cannot predict what vulnerabilities would >>be discovered for an OS written in Ada. I have no doubt there >>would be some vulnerabilities. Would they be as severe as those >>in OS's written in the C family of languages? No one can answer >>that for certain. > > Just for my own education, let me ask a few questions here. > > What is the state of the art in automated conversion of C code to Ada? I can't really answer that, but I would guess that there are no such products/tools for that. If there were, the result would look like C, but be described in Ada terms. There would be very little advantage to that. The process would be similar to taking a thin Ada (to C) binding, and creating a thick one in Ada terms. I don't believe you'll find any software capable of that form of transformation at this time. > If Linux could be automatically converted to Ada, would the security > benefits of Ada be realized automatically, or would manual > modifications be necessary? If the latter, how difficult would they > be? Ada itself is not a cure for all security problems. Some of the responsibility rests with the design. However, many of the published "exploits" tend to be about things that the C-design was never designed to allow. In that sense, I think Ada can be helpful, since it would tend to avoid exploitable buffer overflows and such. However, it must be admitted, that exploits are possible in any badly designed code, in C or otherwise. One difficult to solve area is DOS attacks. Even Ada programs can be vulnerable to this, if precautions surrounding stacks, heap space and tasks are not enforced/checked. -- Warren W. Gay VE3WWG http://home.cogeco.ca/~ve3wwg