From: dewar@merv.cs.nyu.edu (Robert Dewar)
Subject: Re: Trusting GNAT for security software
Date: 1998/03/01
Newsgroups: comp.lang.ada
Organization: New York University
References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> <6d67j5$474$1@news.nyu.edu> <34F9444D.D2F588@cl.cam.ac.uk>

Marcus says <>

You obviously know little about the way in which university projects are financed. Yes, the funds came from the DoD, but the DoD had ZERO control over the project. NYU will not accept any kind of restrictions on such projects. Early on, when we were working on Ada/Ed, NYU told the US Army that it would turn down $1 million, rather than accept a provision that publications had to be submitted to the Army for preapproval. The Army suggested leaving in the presubmission and removing the preapproval, but NYU said, no, remove the clause completely or take your money somewhere else. They removed it :-)

Actually I think a university project, particularly one working with openly available sources, would be extremely hard to subvert in the manner that Marcus' paranoid thinking suggests. Many students had full access to every bit of information throughout the development.

Actually an interesting bit of archeological data is that we have the complete history of the GNAT project in terms of source development.
The semantics processing for chapter 3 is now at version 1145, and you can look at all 1,144 previous versions, going back to the days when we bootstrapped with Alsys.

As I said earlier, it always amuses me when people hypothesize that free software is somehow especially subject to intrusion of this kind, when in fact the exact opposite is true. There are freely distributed Ada compilers being copied across the net now which are entirely proprietary and you have no way of knowing what is inside them. Even there I think the probability of any kind of deliberate Trojan horse etc. is very small, but note that in areas other than compilers there have been concerns with proprietary software, e.g. Microsoft collecting system information surreptitiously during installation, and various Web sites installing cookies of dubious recipe. So these kinds of concerns are certainly not entirely frivolous.

I think the general recommendations here are to make sure you are dealing with a reputable company and to be a little hesitant in using freeware, shareware, or other unsupported software on critical projects. One thing that is a bit worrisome is to see large critical projects using unsupported software, and that does happen sometimes. Actually the larger risk is simply running into problems, rather than deliberate subversions.

Finally, as I noted in earlier mail, you can if you like examine GNAT relatively easily at the code level to ensure absolutely that the code generated is what is expected. The only way to protect a Ken Thompson type Trojan Horse would be to enlist a huge suite of tools, both proprietary and free software, in the conspiracy, and *that* is getting a little far-fetched, even for conspiracy buffs :-)

Robert Dewar
Ada Core Technologies