This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
Security hole in gnu-win32-gcc
- To: gnu-win32 at cygnus dot com
- Subject: Security hole in gnu-win32-gcc
- From: Daniel Kroening <kroening at hit dot handshake dot de>
- Date: Tue, 09 Sep 1997 19:40:51 +0000
- Organization: Handshake e.V.
Hello,
I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
allocated ram is not initialised. The generated binaries thus contain
parts of the main memory of the machine compiling it. In binaries, where
uninitialied arrays are, I discovered parts of web pages and other data
of the memory. It might sound harmless, but confident documents or even
pgp secret keys might get disclosed.
Daniel Krvning
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".