From: Micah Cowan
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Organization: Transmeta Corporation
Date: 01 Aug 2001 13:36:54 -0700

randhol+abuse@pvv.org (Preben Randhol) writes:

> On Wed, 1 Aug 2001 09:09:12 -0400, Mike Smith wrote:
> >
> > The buffer overflow occurs because of a bug in the *Microsoft* C library.
> > This is not endemic to C or C++ in general.
> >
> The point is that if you look at the security bugs in Linux or Microsoft
> software they consist mainly of buffer overflow bugs. This comes from
> using languages such as C and C++ which allow buffer overflow due to
> their design. Other languages eliminate this problem to a large extent.

And implementations for these other languages are typically written in
what? Hm?

If you confine yourself to safe string use, you will have no
difficulties. Power always comes at the risk of its abuse. So?

"Modern" languages such as, oh, say Perl and Python, have no known
buffer overflow problems. But what did the authors use to implement
them with?

So, if these buffer-stable languages are implemented in "unsafe"
languages such as C and C++, how were they able to write "safe"
language implementations in them?

Oh! Oh! Pick me! I know!

...careful design and programming (good ideas for any language).

Micah

-- 
"Every time you declare main() as returning void - somewhere a little
baby cries. So please, do it for the children." -- Daniel Fox