From: russ lyttle
Newsgroups: comp.lang.ada
Subject: Re: Ada in command / control systems
Date: Fri, 1 Mar 2019 18:24:52 -0500

On 3/1/19 5:32 PM, fabien.chouteau@gmail.com wrote:
> On Friday, March 1, 2019 at 10:19:18 PM UTC+1, russ lyttle wrote:
>> That's a lot of SLOC!
>
> It is a lot of Ada SLOC indeed, we have been working hard on this project. That being said a good portion of it is generated by SVD2Ada.
>
>> How can we show that the Python code isn't
>> inserting something into gnat that doesn't belong there? It's been done
>> before.
>
> What are you talking about?
>

There have been incidents where vulnerabilities in a deployed application were caused by unnecessary code inserted by the compiler. At least one was to insert a deliberate backdoor. Some were Easter eggs, most simple errors. Windows has lots of Easter Eggs that can be used for virus insertion.
If the Python code can't do anything that would cause gnat to insert erroneous code into the application, great. Otherwise, the interpreter and all the modules used by the Python code must be qualified to prove that Python does not insert bad code. C compilers have been qualified many times. Some Ada compilers have been qualified. To my knowledge, Python interpreters have not.