From: kroening AT hit DOT handshake DOT de (Daniel Kroening) Subject: Security hole in gnu-win32-gcc 10 Sep 1997 16:48:45 -0700 Approved: cygnus DOT gnu-win32 AT cygnus DOT com Distribution: cygnus Message-ID: <34159832.52CD.cygnus.gnu-win32@hit.handshake.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mozilla 3.01 [de] (Win95; I) Original-To: gnu-win32 AT cygnus DOT com Original-Sender: owner-gnu-win32 AT cygnus DOT com Hello, I discovered a security hole in cygnus gnu-win32 gcc: Obviously, allocated ram is not initialised. The generated binaries thus contain parts of the main memory of the machine compiling it. In binaries, where uninitialied arrays are, I discovered parts of web pages and other data of the memory. It might sound harmless, but confident documents or even pgp secret keys might get disclosed. Daniel Krvning - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request AT cygnus DOT com" with one line of text: "help".