From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Boatwright, Charles" To: "'Daniel Kroening'" Cc: "'gnu-win32@cygnus.com'" Subject: RE: Security hole in gnu-win32-gcc Date: Thu, 11 Sep 1997 10:00:00 -0000 Message-id: <5F404EEF30B3CF11B76B00000000000182E567@cisncdc> X-SW-Source: 1997-09/msg00209.html Daniel, Before this causes all sorts of excitement to the list (again). You can't avoid it without much ado. Even a reboot on some PCs won't clear all memory, so the OS must supply the implementation. This is not a ( new ) security hole. This will always happen on Win95. NT is another story. This security costs CPU cycles. At times it costs alot. Memory allocation (GlobalAlloc) is much slower, especially following a swap (I don't know the exact reason why .... yet). Also program loading is slower. -chuck > ---------- > From: Daniel Kroening[SMTP:kroening@hit.handshake.de] > Sent: Tuesday, September 09, 1997 12:40 PM > To: gnu-win32@cygnus.com > Subject: Security hole in gnu-win32-gcc > > Hello, > > I discovered a security hole in cygnus gnu-win32 gcc: Obviously, > allocated ram is not initialised. The generated binaries thus contain > parts of the main memory of the machine compiling it. In binaries, > where > uninitialied arrays are, I discovered parts of web pages and other > data > of the memory. It might sound harmless, but confident documents or > even > pgp secret keys might get disclosed. > > Daniel Krvning > - > For help on using this list (especially unsubscribing), send a message > to > "gnu-win32-request@cygnus.com" with one line of text: "help". > - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request@cygnus.com" with one line of text: "help".