From mboxrd@z Thu Jan 1 00:00:00 1970 From: jman@lx.net (jman) To: Daniel Kroening , gnu-win32@cygnus.com Subject: Re: Security hole in gnu-win32-gcc Date: Thu, 11 Sep 1997 10:00:00 -0000 Message-id: <3.0.3.32.19970911120028.00741024@208.221.108.11> References: <34159832.52CD@hit.handshake.de> X-SW-Source: 1997-09/msg00208.html -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was found an discussed a while back you can search the ml archive's for exact times, but nothing was ever decisive about it other then its there an nothing can be done. I have found reboot the win95 system an before ya do anything else as in opening a secure document do your compiling then and only then open the secure document. At 07:40 PM 9/9/97 +0000, Daniel Kroening wrote: >Hello, > >I discovered a security hole in cygnus gnu-win32 gcc: Obviously, >allocated ram is not initialised. The generated binaries thus contain >parts of the main memory of the machine compiling it. In binaries, where >uninitialied arrays are, I discovered parts of web pages and other data >of the memory. It might sound harmless, but confident documents or even >pgp secret keys might get disclosed. > >Daniel Krvning -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNBgjqw6ne3t4b32aEQIXdQCgwNI9qcxbIZO884lQjB3Uq4kSn6gAoNDb OaldB/O+u6KnWeOAABhnKR2j =t0eZ -----END PGP SIGNATURE----- ------------------------------------------------------- Jason L. Esman aka _Jman Owner Den Internet Services System Admin. Network Consulting http://www.deninc.com | (down) irc.lx.net irc.deninc.com Email jman@lx.net or root@lx.net Finger jman@lx.net for PGP Public Keys... ------------------------------------------------------- - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request@cygnus.com" with one line of text: "help".