TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Sender: "Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
Date: Thu, 20 Jul 2000 10:22:30 -0400
Reply-To: Terry Westley <[log in to unmask]>
Subject:
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
In-Reply-To:
Content-Type: text/plain; charset="iso-8859-1"
From: Terry Westley <[log in to unmask]>
Parts/Attachments: text/plain (41 lines)

> I don't know how many of you follow the security bulletins
> in the Unix-world, but there has recently been a lot of
> trouble with the more widely used FTP daemons (one of them
> is WU-FTPD).

I'm not familiar with this particular problem, but many
security problems in internet clients and servers are the
result of buffer overflow bugs.  An example is the recent
flap over Outlook and executable code in MIME headers.

Please do not be so confident as to assume this doesn't
happen if you were to implement the code in Ada.  You
certainly can prevent it in pure Ada code, but if you are
interfacing to the operating system, you are still subject
to potential problems.

Here's a story of one such buffer overflow, though not in
internet code:

I recently ported some Ada code which contained an interface
to the TM time structure (time.h) from Solaris to Linux.  I
did not carefully examine the Linux include file, just compiled
the code.  Turns out that the Linux (Slackware) had an extra
long and char* in the structure that weren't in the Solaris
definition.  Took me quite a while to find the bug.  The code
worked when I had a Text_IO debug statement, but not when I
removed it.  That's the only clue I had!

Yes, I know it was my own fault.  I just tell the story to
show that Ada, by itself, is not a substitute for careful
design and engineering.  But, you all knew that, right?

--
Terry J. Westley, Software Development Manager
Veridian Engineering, Information Warfare
[log in to unmask]   http://www.veridian.com/
-------------------------------------------------------
Author of TASH, an Ada binding to Tcl/Tk.
Visit the TASH web site at http://www.adatcl.com.
-------------------------------------------------------
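
The `struct tm` size mismatch described in the message above, as an added C example (not part of the original post and not the poster's code). `tm_binding` is a hypothetical nine-field record standing in for the binding-side declaration, and all helper names are assumptions; the code measures how far the platform's `struct tm` extends past that record and shows the copy-through-a-real-struct pattern that avoids the overrun.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical binding-side record (an assumption): only the nine int
   fields ISO C guarantees in struct tm, with no platform extras. */
struct tm_binding {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon;
    int tm_year, tm_wday, tm_yday, tm_isdst;
};

/* Bytes libc would write past a tm_binding object if its address were
   passed where a struct tm * is expected. 0 means the sizes agree. */
size_t tm_overrun_bytes(void)
{
    return sizeof(struct tm) > sizeof(struct tm_binding)
         ? sizeof(struct tm) - sizeof(struct tm_binding) : 0;
}

/* Layout check a binding's build could run on every target platform. */
int tm_layout_compatible(void)
{
    return sizeof(struct tm) == sizeof(struct tm_binding)
        && offsetof(struct tm, tm_isdst) == offsetof(struct tm_binding, tm_isdst);
}

/* Safe pattern: libc fills its own struct tm; copy the fields by name.
   gmtime() is ISO C; threaded code would use the POSIX gmtime_r(). */
int tm_binding_from_utc(time_t t, struct tm_binding *out)
{
    const struct tm *real = gmtime(&t);
    if (out == NULL || real == NULL)
        return -1;
    out->tm_sec = real->tm_sec;   out->tm_min = real->tm_min;
    out->tm_hour = real->tm_hour; out->tm_mday = real->tm_mday;
    out->tm_mon = real->tm_mon;   out->tm_year = real->tm_year;
    out->tm_wday = real->tm_wday; out->tm_yday = real->tm_yday;
    out->tm_isdst = real->tm_isdst;
    return 0;
}

int main(void)
{
    struct tm_binding b;
    printf("compatible=%d overrun=%zu\n", tm_layout_compatible(), tm_overrun_bytes());
    if (tm_binding_from_utc((time_t)0, &b) == 0)   /* constructed input: epoch */
        printf("epoch: year=%d yday=%d\n", b.tm_year + 1900, b.tm_yday);
    return 0;
}
```

A nonzero overrun on a target means a record of this shape must never be handed to the C library by address there.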
