This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.



Re[2]: Security hole in gnu-win32-gcc / GlobalAlloc


     
I think GlobalAlloc is slower because, basically, when you allocate uninitialized
memory (i.e. non-zeroized) you call a low-level function: VirtualAlloc.
VirtualAlloc doesn't allocate any memory at first but only reserves address
space. When you access this address space, the memory is then allocated.

I suppose that if you try to allocate zeroized memory, GlobalAlloc has to map
all memory at once ...


____________________________ Reply Separator ________________________________
Subject: RE: Security hole in gnu-win32-gcc
Author:  "Boatwright, Charles" <Charles_Boatwright@cisnc.canon.com> at PAR-SMTP
Date:    12/09/1997 12:10


Daniel,
     
Before this causes all sorts of excitement to the list (again).
You can't avoid it without much ado.  Even a reboot on some
PCs won't clear all memory, so the OS must supply the implementation.

This is not a (new) security hole.  This will always happen on Win95.

NT is another story.

This security costs CPU cycles.  At times it costs a lot.
Memory allocation (GlobalAlloc) is much
slower, especially following a swap (I don't know the
exact reason why .... yet).  Also program loading is slower.
     
-chuck
     
> ----------
> From:  Daniel Kroening[SMTP:kroening@hit.handshake.de] 
> Sent:  Tuesday, September 09, 1997 12:40 PM
> To:  gnu-win32@cygnus.com
> Subject:  Security hole in gnu-win32-gcc 
> 
> Hello,
> 
> I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
> allocated ram is not initialised. The generated binaries thus contain
> parts of the main memory of the machine compiling it. In binaries,
> where uninitialized arrays are, I discovered parts of web pages and
> other data of the memory. It might sound harmless, but confident
> documents or even pgp secret keys might get disclosed.
>
> Daniel Kroening
> -
> For help on using this list (especially unsubscribing), send a message
> to "gnu-win32-request@cygnus.com" with one line of text: "help".
> 
-
For help on using this list (especially unsubscribing), send a message to 
"gnu-win32-request@cygnus.com" with one line of text: "help".



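The disclosure path discussed in this thread, as an added example that is not part of the original messages or of the gnu-win32 code: a writer that fills only part of a recycled buffer and emits all of it, next to the same writer with the buffer zeroed first, plus a check for stale bytes in the output. The names `arena`, `earlier_use`, `emit_section` and `stale_bytes` are hypothetical, the sample data is constructed, and a static block stands in for recycled heap memory so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define SECTION_SIZE 64

/* Constructed stand-in for recycled memory: a block that is handed out again
   without being cleared, as a non-zeroing allocator would do. */
static unsigned char arena[SECTION_SIZE];

/* Some earlier use of the same memory (constructed sample data). */
static void earlier_use(void)
{
    strcpy((char *)arena, "GET /private.html -- constructed sample secret");
}

/* Hypothetical output writer: fills only the bytes that carry data, then emits
   the whole section. zero != 0 clears the buffer first, as calloc would. */
static size_t emit_section(unsigned char *out, const char *data, int zero)
{
    size_t used = strlen(data);
    if (used > SECTION_SIZE)
        used = SECTION_SIZE;
    if (zero)
        memset(arena, 0, SECTION_SIZE);
    memcpy(arena, data, used);          /* only this part is initialised */
    memcpy(out, arena, SECTION_SIZE);   /* but the whole buffer is written */
    return used;
}

/* Defender's check: non-zero bytes in the part of a section the writer never
   filled are stale memory that reached the output. */
static size_t stale_bytes(const unsigned char *section, size_t used)
{
    size_t count = 0;
    for (size_t i = used; i < SECTION_SIZE; i++)
        count += (section[i] != 0);
    return count;
}

int main(void)
{
    unsigned char out[SECTION_SIZE];
    earlier_use();
    size_t used = emit_section(out, "code", 0);
    printf("unzeroed: %zu stale bytes\n", stale_bytes(out, used));
    earlier_use();
    used = emit_section(out, "code", 1);
    printf("zeroed:   %zu stale bytes\n", stale_bytes(out, used));
    return 0;
}
```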