From: david DOT maugis AT sonovision-itep DOT fr (David MAUGIS)
Subject: Re[2]: Security hole in gnu-win32-gcc / GlobalAlloc
Date: 12 Sep 1997 04:57:43 -0700
Message-ID: <9708128740.AA874095276cygnus.gnu-win32@sitemail.sonovision-itep.fr>
To: kroening AT hit DOT handshake DOT de, "Boatwright, Charles"

I think GlobalAlloc is slower because, basically, when you allocate uninitialized memory (i.e. non-zeroized) you call a low-level function: VirtualAlloc.

VirtualAlloc doesn't allocate any memory at first but only reserves address space. When you access this address space, the memory is then allocated.

I suppose that if you try to allocate zeroized memory, GlobalAlloc has to map all memory at once ...

____________________________ Reply Separator ________________________________
Subject: RE: Security hole in gnu-win32-gcc
Author: "Boatwright, Charles" … PAR-SMTP
Date: 12/09/1997 12:10

Daniel,

Before this causes all sorts of excitement to the list (again). You can't avoid it without much ado. Even a reboot on some PCs won't clear all memory, so the OS must supply the implementation. This is not a (new) security hole. This will always happen on Win95. NT is another story.

This security costs CPU cycles. At times it costs a lot. Memory allocation (GlobalAlloc) is much slower, especially following a swap (I don't know the exact reason why .... yet). Also program loading is slower.

-chuck

> ----------
> From: Daniel Kroening[SMTP:kroening AT hit DOT handshake DOT de]
> Sent: Tuesday, September 09, 1997 12:40 PM
> To: gnu-win32 AT cygnus DOT com
> Subject: Security hole in gnu-win32-gcc
>
> Hello,
>
> I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
> allocated RAM is not initialised. The generated binaries thus contain
> parts of the main memory of the machine compiling it. In binaries
> where uninitialised arrays are, I discovered parts of web pages and
> other data of the memory. It might sound harmless, but confidential
> documents or even PGP secret keys might get disclosed.
>
> Daniel Kröning
> -
> For help on using this list (especially unsubscribing), send a message to
> "gnu-win32-request AT cygnus DOT com" with one line of text: "help".
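The leak pattern discussed in this thread, as an added example that is not part of the original messages or of the gnu-win32 tools: a tool fills only part of an allocated buffer and writes the whole buffer out, so the unwritten slack carries whatever the allocator returned. Portable malloc/calloc stand in for the Win32 allocation calls, and SECTION_SIZE, the function names and the payload are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTION_SIZE 64 /* constructed: fixed-size output section with slack */

/* Leaky pattern: only len bytes are written; the slack keeps whatever the
 * allocator handed back, which may be data from an earlier allocation. */
unsigned char *build_section_leaky(const void *data, size_t len) {
    unsigned char *buf = malloc(SECTION_SIZE);
    if (buf == NULL || len > SECTION_SIZE) { free(buf); return NULL; }
    memcpy(buf, data, len);
    return buf;
}

/* Hardened pattern: calloc zero-fills, so the slack is always 0. */
unsigned char *build_section_zeroed(const void *data, size_t len) {
    unsigned char *buf = calloc(1, SECTION_SIZE);
    if (buf == NULL || len > SECTION_SIZE) { free(buf); return NULL; }
    memcpy(buf, data, len);
    return buf;
}

/* Count non-zero slack bytes after the payload (a pre-write audit check). */
size_t stale_bytes(const unsigned char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = len; i < SECTION_SIZE; i++)
        if (buf[i] != 0) n++;
    return n;
}

/* Constructed stand-in for earlier heap use that is freed without wiping. */
void dirty_heap(void) {
    char *old = malloc(SECTION_SIZE);
    if (old != NULL) memset(old, 'S', SECTION_SIZE);
    free(old);
}

int main(void) {
    const char payload[] = "code"; /* constructed sample payload */
    dirty_heap();
    unsigned char *leaky = build_section_leaky(payload, sizeof payload);
    dirty_heap();
    unsigned char *zeroed = build_section_zeroed(payload, sizeof payload);
    if (leaky == NULL || zeroed == NULL) return 1;
    printf("leaky slack: %zu stale bytes, zeroed slack: %zu stale bytes\n",
           stale_bytes(leaky, sizeof payload), stale_bytes(zeroed, sizeof payload));
    free(leaky); free(zeroed);
    return 0;
}
```

The stale-byte count for the leaky variant depends on the allocator and compiler and may be 0 on a given run; the zeroed variant always reports 0.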