www.delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/1997/09/12/04:57:43

From: david DOT maugis AT sonovision-itep DOT fr (David MAUGIS)
Subject: Re[2]: Security hole in gnu-win32-gcc / GlobalAlloc
12 Sep 1997 04:57:43 -0700 :
Message-ID: <9708128740.AA874095276cygnus.gnu-win32@sitemail.sonovision-itep.fr>
To: kroening AT hit DOT handshake DOT de,
"Boatwright, Charles" <Charles_Boatwright AT cisnc DOT canon DOT com> 

     
I think GlobalAlloc is slower because, basicaly, when you allocate uninitialized
memory (i.e. non zeroized ) you call a low level function : VirtualAlloc
VirtualAlloc doesnt allocate any memory at first but only reserves address 
space. When you access this address space, the memory is then allocated.

I suppose that if you try to allocate zeroized memory, GlobalAlloc has to map 
all memory at once ...


____________________________ S‚parateur R‚ponse ________________________________
Objet : RE: Security hole in gnu-win32-gcc
Auteur :  "Boatwright, Charles" <Charles_Boatwright AT cisnc DOT canon DOT com> … PAR-SMTP
Date :    12/09/1997 12:10


Daniel,
     
Before this causes all sorts of excitement to the list (again). 
You can't avoid it without much ado.  Even a reboot on some 
PCs won't clear  all memory, so the OS must supply the implementation.
     
This is not a ( new ) security hole.  This will always happen on Win95.
     
NT is another story.
     
This security costs CPU cycles.  At times it costs alot.  
Memory allocation (GlobalAlloc) is much 
slower, especially  following a swap (I don't know the 
exact reason why .... yet).  Also program loading is slower.
     
-chuck
     
> ----------
> From:  Daniel Kroening[SMTP:kroening AT hit DOT handshake DOT de] 
> Sent:  Tuesday, September 09, 1997 12:40 PM
> To:  gnu-win32 AT cygnus DOT com
> Subject:  Security hole in gnu-win32-gcc 
> 
> Hello,
> 
> I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
> allocated ram is not initialised. The generated binaries thus contain 
> parts of the main memory of the machine compiling it. In binaries,
> where
> uninitialied arrays are, I discovered parts of web pages and other 
> data
> of the memory. It might sound harmless, but confident documents or 
> even
> pgp secret keys might get disclosed. 
> 
> Daniel Krvning
> -
> For help on using this list (especially unsubscribing), send a message 
> to
> "gnu-win32-request AT cygnus DOT com" with one line of text: "help". 
> 
-
For help on using this list (especially unsubscribing), send a message to 
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019