From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-ArrivalTime: 2001-08-01 15:56:04 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news.tele.dk!193.174.75.178!news-fra1.dfn.de!newsfeed01.univie.ac.at!news-vie-pub.1012internet.at!newsfeed.wu-wien.ac.at!not-for-mail From: Markus Mottl Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: Wed, 1 Aug 2001 22:56:01 +0000 (UTC) Organization: University of Economics and Business Administration, Vienna, Austria Message-ID: <9ka1e1$b5h$2@bird.wu-wien.ac.at> References: <3B6555ED.9B0B0420@sneakemail.com> <87n15lxzzv.fsf@deneb.enyo.de> <3B672322.B5EA1B66@home.com> NNTP-Posting-Host: miss.wu-wien.ac.at X-Trace: bird.wu-wien.ac.at 996706561 11441 137.208.107.17 (1 Aug 2001 22:56:01 GMT) X-Complaints-To: news-admin@wu-wien.ac.at NNTP-Posting-Date: Wed, 1 Aug 2001 22:56:01 +0000 (UTC) User-Agent: tin/pre-1.4-981225 ("Volcane") (UNIX) (OSF1/V4.0 (alpha)) Xref: archiver1.google.com comp.lang.ada:11001 comp.lang.c:71452 comp.lang.c++:79189 comp.lang.functional:7122 Date: 2001-08-01T22:56:01+00:00 List-Id: In comp.lang.functional Micah Cowan wrote: > randhol+abuse@pvv.org (Preben Randhol) writes: >> The point is that if you look at the security bugs in Linux or Microsoft >> software they consists mainly of buffer overflow bugs. This comes from >> using languages such as C and C++ which allow buffer overflow due to >> their design. Other languages eliminate this problem to a large extent. > And implementations for these other languages are typically written in > what? Hm? Any language that attempts to be called serious bootstraps itself. Needless to say that the first compiler of a new language wasn't written in the language itself, but the same holds true for C/C++... > If you confine yourself I prefer being confined by the compiler. It's usually less sleepy than I. > "Modern" languages such as, oh, say Perl and Python, "New": yes, "modern": no. > have no known buffer overflow problems. But what did the authors > use to implement them with? So, if these buffer-stable languages are > implemented in "unsafe" languages such as C and C++; how were they able > to write "safe" language implementations in them? Oh! Oh! Pick me! > I know! Simple: after years of bug chasing and endless support by legions of users with bug reports, these issues have finally been solved... > ...careful design and programming (good ideas for any language). A sound type system and an expressive language: good ideas for any language ;) Regards, Markus Mottl -- Markus Mottl, mottl@miss.wu-wien.ac.at, http://miss.wu-wien.ac.at/~mottl