From: David Lee Lambert
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Sat, 4 Aug 2001 14:36:10 -0400
Organization: Michigan State University

On 1 Aug 2001, Robert Dewar wrote:

> "Mike Smith" wrote in message news:...
> > "raj" wrote in message
> > news:ppsemtojqkqsqpfvj1th3mae8b4vu1tg89@4ax.com...
> > >
> > > The buffer overflow occurs because of an old and well known bug in the
> > > C libraries.
> >
> > The buffer overflow occurs because of a bug in the *Microsoft* C library.
> > This is not endemic to C or C++ in general.
> > And, what, no one has ever found a bug in Ada?
>
> Sounds like Mike is not familiar with Ada. Of course Ada does not
> guarantee freedom from bugs, but for many reasons it does tend to
> eliminate obvious goofs like buffer overruns, which are indeed
> "endemic" to C and C++ in that these languages do not provide any
> help for avoiding such bugs, and as we know these buffer overrun
> bugs have time and time again proved weak spots in code written
> in C/C++.

C++ makes it very easy to avoid buffer-overflow bugs: just use the STL
types 'string' (for strings) and 'vector' (for arbitrary objects). In C,
one has to think ahead a little in some situations, but it's still quite
straightforward to write overflow-free code once one has been introduced
to the right functions: fgets(), snprintf(), (non-ANSI) strlcpy()...

Agreed that there is a lot of buggy C code out there. Much of it is the
result of assumptions made in laboratory conditions on machines with a
lot of performance-limitations; for instance, 80-column TTYs and
printers and card-punches. These assumptions started out with FORTRAN
and other languages of that era; C was the beginning of the process to
supersede them.

The Ada language does seem to provide some bounds-checking...

  "3.6.1 Index Constraints and Discrete Ranges

  (1) An index_constraint determines the range of possible values for
  every index of an array subtype, and thereby the corresponding array
  bounds."

It is true that C and C++ native types do not provide bounds-checking,
although some compilers do bounds-checking for static arrays. However,
it would be trivial to make a type or system like vector with the
additional feature of doing automatic bounds-checking, or even
automatically growing the array when adding a new element past the end.
Whether such an implementation would really be efficient is another
question -- in many cases it would be better to use a hash or tree
structure for such a random-access application.
C forces a person to think about the consequences of poor algorithm
choices.

Certainly, scripting languages like Perl and VBA and Basic and *sh and
lisp and Java avoid many of these errors, but most implementations of
such languages are written in C, often using standard components like
yacc(). (I do know of one book on compiler-design that uses Java for
implementation, and I'm sure that Pascal was widely used at one time,
but C still reigns supreme...) Note that Perl has a way to call
C/assembler/Fortran libraries, but no way to use a templatized C++
library using all of the OOP features (sorry if this is
over-general...).

I'm sure that one can write a secure webserver in Ada, but I personally
would trust a mission-critical system that I had written in C better,
because I've had more experience with the language and the available
environment. I certainly would plan out such a system very carefully.

--
DLL
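
An added example, not part of the original message: the bounded C functions named in the post, fgets() and snprintf(), stop at the buffer size but truncate silently, so overflow-free code still has to detect and reject truncated input. The names copy_bounded, read_line, count_overlong and demo_buf, and all sample strings, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

char demo_buf[8];   /* deliberately small destination, constructed for the demo */

/* Bounded copy via snprintf(). Returns 0 if src fit, -1 if it was truncated.
 * snprintf() returns the length it wanted to write, not what it wrote, and
 * NUL-terminates dst either way (for cap > 0), so no overflow can occur. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    int n = snprintf(dst, cap, "%s", src);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Read one line via fgets(). Returns 1 for a complete line (newline removed),
 * 0 at end of input, -1 if the line did not fit. The remainder of an over-long
 * line is discarded so the next call does not treat it as a fresh line. */
int read_line(FILE *in, char *buf, size_t cap)
{
    size_t len;
    int c;
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL) return 0;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    c = getc(in);                 /* buffer full or input ended: look ahead */
    if (c == EOF || c == '\n')
        return 1;                 /* the line fit exactly */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                         /* drain the over-long remainder */
    return -1;
}

/* Hypothetical helper: run read_line() over text using a cap-byte buffer
 * (cap <= 64) and count the rejected lines; returns -1 if setup fails. */
int count_overlong(const char *text, size_t cap)
{
    char buf[64];
    int r, bad = 0;
    FILE *f;
    if (cap > sizeof buf || (f = tmpfile()) == NULL) return -1;
    fputs(text, f);
    rewind(f);
    while ((r = read_line(f, buf, cap)) != 0) bad += (r < 0);
    fclose(f);
    return bad;
}
```

Treating the -1 results as errors, rather than processing the truncated data, is what keeps a length limit from turning into a parsing bug further along.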