From:	Charles_Boatwright AT cisnc DOT canon DOT com (Boatwright, Charles)
Subject:	RE: Security hole in gnu-win32-gcc
11 Sep 1997 15:01:23 -0700 :
Message-ID:	<5F404EEF30B3CF11B76B00000000000182E567cygnus.gnu-win32@cisncdc>
Mime-Version:	1.0
To:	"'Daniel Kroening'" <kroening AT hit DOT handshake DOT de>

Daniel,

Before this causes all sorts of excitement to the list (again).
You can't avoid it without much ado.  Even a reboot on some 
PCs won't clear  all memory, so the OS must supply the implementation.

This is not a ( new ) security hole.  This will always happen on Win95.

NT is another story.

This security costs CPU cycles.  At times it costs alot.  
Memory allocation (GlobalAlloc) is much 
slower, especially  following a swap (I don't know the 
exact reason why .... yet).  Also program loading is slower.

-chuck

> ----------
> From: 	Daniel Kroening[SMTP:kroening AT hit DOT handshake DOT de]
> Sent: 	Tuesday, September 09, 1997 12:40 PM
> To: 	gnu-win32 AT cygnus DOT com
> Subject: 	Security hole in gnu-win32-gcc
> 
> Hello,
> 
> I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
> allocated ram is not initialised. The generated binaries thus contain
> parts of the main memory of the machine compiling it. In binaries,
> where
> uninitialied arrays are, I discovered parts of web pages and other
> data
> of the memory. It might sound harmless, but confident documents or
> even
> pgp secret keys might get disclosed.
> 
> Daniel Krvning
> -
> For help on using this list (especially unsubscribing), send a message
> to
> "gnu-win32-request AT cygnus DOT com" with one line of text: "help".
> 
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

- Raw text -