Mail Archives: cygwin/1997/09/10/16:48:45

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/1997/09/10/16:48:45

From: kroening AT hit DOT handshake DOT de (Daniel Kroening)

Subject: Security hole in gnu-win32-gcc

10 Sep 1997 16:48:45 -0700 :

Approved: cygnus DOT gnu-win32 AT cygnus DOT com

Distribution: cygnus

Message-ID: <34159832.52CD.cygnus.gnu-win32@hit.handshake.de>

Mime-Version: 1.0

X-Mailer: Mozilla 3.01 [de] (Win95; I)

Original-To: gnu-win32 AT cygnus DOT com

Original-Sender: owner-gnu-win32 AT cygnus DOT com

Hello,

I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
allocated ram is not initialised. The generated binaries thus contain
parts of the main memory of the machine compiling it. In binaries, where
uninitialied arrays are, I discovered parts of web pages and other data
of the memory. It might sound harmless, but confident documents or even
pgp secret keys might get disclosed.

Daniel Krvning
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

From:	kroening AT hit DOT handshake DOT de (Daniel Kroening)
Subject:	Security hole in gnu-win32-gcc
10 Sep 1997 16:48:45 -0700 :
Approved:	cygnus DOT gnu-win32 AT cygnus DOT com
Distribution:	cygnus
Message-ID:	<34159832.52CD.cygnus.gnu-win32@hit.handshake.de>
Mime-Version:	1.0
X-Mailer:	Mozilla 3.01 [de] (Win95; I)
Original-To:	gnu-win32 AT cygnus DOT com
Original-Sender:	owner-gnu-win32 AT cygnus DOT com