This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
RE: Security hole in gnu-win32-gcc
- To: "'Daniel Kroening'" <kroening at hit dot handshake dot de>
- Subject: RE: Security hole in gnu-win32-gcc
- From: "Boatwright, Charles" <Charles_Boatwright at cisnc dot canon dot com>
- Date: Thu, 11 Sep 1997 09:36:00 -0700
- Cc: "'gnu-win32 at cygnus dot com'" <gnu-win32 at cygnus dot com>
Daniel,
Before this causes all sorts of excitement to the list (again).
You can't avoid it without much ado. Even a reboot on some
PCs won't clear all memory, so the OS must supply the implementation.
This is not a ( new ) security hole. This will always happen on Win95.
NT is another story.
This security costs CPU cycles. At times it costs alot.
Memory allocation (GlobalAlloc) is much
slower, especially following a swap (I don't know the
exact reason why .... yet). Also program loading is slower.
-chuck
> ----------
> From: Daniel Kroening[SMTP:kroening@hit.handshake.de]
> Sent: Tuesday, September 09, 1997 12:40 PM
> To: gnu-win32@cygnus.com
> Subject: Security hole in gnu-win32-gcc
>
> Hello,
>
> I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
> allocated ram is not initialised. The generated binaries thus contain
> parts of the main memory of the machine compiling it. In binaries,
> where
> uninitialied arrays are, I discovered parts of web pages and other
> data
> of the memory. It might sound harmless, but confident documents or
> even
> pgp secret keys might get disclosed.
>
> Daniel Krvning
> -
> For help on using this list (especially unsubscribing), send a message
> to
> "gnu-win32-request@cygnus.com" with one line of text: "help".
>
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".