From: jman AT lx DOT net (jman) Subject: Re: Security hole in gnu-win32-gcc 11 Sep 1997 14:58:05 -0700 Message-ID: <3.0.3.32.19970911120028.00741024cygnus.gnu-win32@208.221.108.11> References: <34159832 DOT 52CD AT hit DOT handshake DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: Daniel Kroening , gnu-win32 AT cygnus DOT com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was found an discussed a while back you can search the ml archive's for exact times, but nothing was ever decisive about it other then its there an nothing can be done. I have found reboot the win95 system an before ya do anything else as in opening a secure document do your compiling then and only then open the secure document. At 07:40 PM 9/9/97 +0000, Daniel Kroening wrote: >Hello, > >I discovered a security hole in cygnus gnu-win32 gcc: Obviously, >allocated ram is not initialised. The generated binaries thus contain >parts of the main memory of the machine compiling it. In binaries, where >uninitialied arrays are, I discovered parts of web pages and other data >of the memory. It might sound harmless, but confident documents or even >pgp secret keys might get disclosed. > >Daniel Krvning -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNBgjqw6ne3t4b32aEQIXdQCgwNI9qcxbIZO884lQjB3Uq4kSn6gAoNDb OaldB/O+u6KnWeOAABhnKR2j =t0eZ -----END PGP SIGNATURE----- ------------------------------------------------------- Jason L. Esman aka _Jman Owner Den Internet Services System Admin. Network Consulting http://www.deninc.com | (down) irc.lx.net irc.deninc.com Email jman AT lx DOT net or root AT lx DOT net Finger jman AT lx DOT net for PGP Public Keys... ------------------------------------------------------- - For help on using this list (especially unsubscribing), send a message to "gnu-win32-request AT cygnus DOT com" with one line of text: "help".