From: Maciej Sobczak on 23 Apr 2010 09:56

On 23 Apr, 10:03, Gautier write-only <gautier_niou...(a)hotmail.com> wrote:

> The main idea would have a safe browser.

From what I understand, the vulnerabilities in today's browsers are related to plugins or dependent libraries, which are all natively executed.

Writing a web browser in Ada that would not have those plugins (you are not going to reimplement them, I believe) would be - as far as security is concerned - equivalent to a reasonable existing browser with all plugins disabled.

Am I missing something?

Could you refer to an existing browser vulnerability that is related to the core browser engine and that would be avoided by choosing another language?
(I'm genuinely interested)

--
Maciej Sobczak * http://www.inspirel.com

YAMI4 - Messaging Solution for Distributed Systems
http://www.inspirel.com/yami4

From: Georg Bauhaus on 23 Apr 2010 10:37

On 23.04.10 15:56, Maciej Sobczak wrote:

> Could you refer to an existing browser vulnerability that is related
> to the core browser engine and that would be avoided by choosing
> another language?
> (I'm genuinely interested)

Does CSS count? Or image rendering components?

"buffer overflow" + {ie6, mozilla, ...} produce a number of search results. Then there is the presence of DEP in recent MS systems brought to your desktop with IE7 ...

Buffer overflow continues to rank high, e.g. in the 2010 SANS Top 25:
http://cwe.mitre.org/data/definitions/120.html

Integer overflow or wraparound and improper array indexing rank somewhat lower, but are present, too.

BTW, why do we still subscribe to the notion "integer overflow" when the one thing that any sequence of what is commonly known as integers cannot possibly do is to overflow? Maybe the wording is at the heart of the problem. I think it is adequate and pedagogical to call it "int overflow".
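
The weakness classes named in the post above (int wraparound feeding a buffer size, as in an image rendering component), shown as an added example that is not part of either post. The function names, the sample dimensions and the 256 MiB limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed upper bound on an image buffer; an assumption of this example. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Unchecked: uint32_t arithmetic is modulo 2^32, so the product silently
   wraps and can come out far smaller than the true pixel-buffer size. */
uint32_t size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint32_t)(width * height * bpp);
}

/* Checked: refuse any size outside the allowed range instead of wrapping,
   which is the behaviour a range-checked type gives by raising an error. */
bool size_checked(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    /* Two 32-bit factors always fit in 64 bits, so this cannot wrap. */
    uint64_t pixels = (uint64_t)width * height;
    if (pixels > MAX_IMAGE_BYTES / bpp)
        return false;
    *out = (uint32_t)(pixels * bpp);   /* bounded by MAX_IMAGE_BYTES */
    return true;
}

int main(void)
{
    /* Constructed header values: 65536 x 16385 pixels, 4 bytes per pixel. */
    uint32_t w = 0x10000u, h = 0x4001u, bpp = 4u, n = 0;

    /* True size is 4,295,229,440 bytes; the wrapped result is 262,144. */
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(w, h, bpp));

    if (size_checked(w, h, bpp, &n))
        printf("checked size: %u bytes\n", (unsigned)n);
    else
        printf("checked: dimensions rejected\n");

    if (size_checked(1024u, 768u, 4u, &n))
        printf("1024x768x4: %u bytes\n", (unsigned)n);
    return 0;
}
```

A buffer allocated from the unchecked result and then filled with `width * height` pixels is the CWE-120 overflow the post links to; the checked version stops at the size computation.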