From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD,
	FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: 103376,bbe592428babd509
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news4.google.com!feeder.news-service.com!85.214.198.2.MISMATCH!eternal-september.org!.POSTED!not-for-mail
From: Warren <ve3wwg@gmail.com>
Newsgroups: comp.lang.ada
Subject: Re: Web browser in Ada
Date: Mon, 26 Apr 2010 15:37:17 +0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <Xns9D66763C251CEWarrensBlatherings@188.40.43.213>
References: <02c2bf63-260d-4acc-bd58-c8fb8a591ec3@b6g2000yqi.googlegroups.com>
 <0bf9425c-32a1-4b93-b938-ae4a4e24a761@c21g2000yqk.googlegroups.com>
 <f3afe709-a918-4bbe-b687-51c687bca3a0@k41g2000yqf.googlegroups.com>
 <4bd23c72$0$2399$4d3efbfe@news.sover.net>
Injection-Date: Mon, 26 Apr 2010 15:37:17 +0000 (UTC)
Injection-Info: mx02.eternal-september.org;
 posting-host="9f8M0iN5t54V+4DF/iqO8g";
	logging-data="23050"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX19ghUczuZEiHKCDh+2rBBw3j2kICYmqIQY="
User-Agent: Xnews/5.04.25
X-Face: 
 &6@]C2>ZS=NM|HE-^zWuryN#Z/2_.s9E|G&~DRi|sav9{E}XQJb*\_>=a5"q]\%A;5}LKP][1mA{gZ,Q!j
Cancel-Lock: sha1:4hPnPpRdoCrwfug3WqQ6/RGilmU=
Xref: g2news2.google.com comp.lang.ada:11184
Date: 2010-04-26T15:37:17+00:00
List-Id: <comp.lang.ada>

Peter C. Chapin expounded in
news:4bd23c72$0$2399$4d3efbfe@news.sover.net: 

> Gautier write-only wrote:
> 
>> My impression is that a good part of vulnerabilities are indeed
>> within plug-ins, another good part is between the browser and a
>> plug-in (typically, browser X need to be patched but not the others
>> nor the plug-in), and the third part, important as well, is about
>> CSS, JavaScript, image storage or decoding, XML, HTML parsing and
>> other core parts of browsers.
> 
> I had actually thought that building a web browser in Ada would be a
> nice project (if only I had more time!). I'm not sure how much of a
> difference in security it would make... probably some.
> 
> Any browser that could be realistically used would need to support
> JavaScript. While an Ada JavaScript implementation might (or might
> not) be more secure than a C implementation, it seems to me that any
> vulnerability related to the JavaScript language itself would still be
> a risk. 
..
> Peter

To do it "right" would involve rewriting almost everything
above the O/S level, as you implied. Everything including
the image rendering libraries would be necessary.

The trick perhaps, is to convince the Military to do it as 
an open sourced project. ;-)

Warren