The Danger of Windows 9x/Me Not Initializing Allocated Memory/Diskspace

As everyone knows, Windows 9x/Me doesn't initialize (clear) memory allocated by an application before allowing that application to use it. The dangers of this are fairly obvious; sensitive information may well be "leaked" without the user being aware.

This article (taken from the Risks digest 21.50) describes how one person discovered his compiler could have been telling the world information that he would rather was kept secret...

Note: Although this article describes Microsoft Visual C++ 6, the risk is present not only in compilers, but pretty much any other application...


Subject: Risks Digest 21.50
Message-ID: 
Reply-To: RISKS List Owner 


RISKS-LIST: Risks-Forum Digest  Thursday 12 July 2001  Volume 21 : Issue 50

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at

and by anonymous ftp at ftp.sri.com, cd risks .

------------------------------
[part of digest snipped]
------------------------------

Date: Thu, 12 Jul 2001 14:20:52 -0400 (EDT)
From: David Winfrey 
Subject: Uncleared disk space and MSVC

I have a program called "clrspace" which clears the unused space on my
hard disk. When I use it at work, I set it to fill the space with the
company name and phone number.

Recently I got a new copy of the Microsoft Visual C++ compiler, version
6, introductory edition.

Today, after compiling a program of the "Hello World" level of
complexity and finding that the resulting program was well over 100
kilobytes, I went to the DOS prompt and looked at the .EXE file with
a hex editor to try to find out why it was so big.

I was surprised to find "Property of Acme Widgets, 301-555-1212" in the
.EXE file from 0x6000 to 0x14FFF. The compiler had obviously just grabbed a
big chunk of disk space and stuffed it into the file, without bothering to
clear it first.

If that particular chunk of disk had been used for something
confidential, and if this were the production version of the compiler that
allows redistribution of executables (the intro version doesn't, although this
restriction is somehow omitted from the outside of the package), then
60 kilobytes of company plans, source code, spreadsheets, customer lists,
or whatever could have been burned onto CD and shipped to customers around
the world.

Anyone compiling programs with MSVC may want to examine the output
closely for data that shouldn't be there.
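
The check the post ends on, as an added example (not part of the RISKS digest or of this page's original text): once free space has been wiped with a known marker, scan each build output for regions tiled with that marker. The marker string and the 0x6000-0x14FFF range are the ones quoted in the post; the function names and the sample bytes are constructed for illustration.

```python
CANARY = b"Property of Acme Widgets, 301-555-1212"  # marker quoted in the post

def find_canary_runs(data, canary=CANARY, min_len=64):
    """Return [(start, end_inclusive)] for regions tiled with `canary`.

    A region lifted from wiped disk space can start or stop part-way through
    the marker, so each run of whole copies is widened over partial copies.
    """
    n, runs = len(canary), []
    pos = data.find(canary)
    while pos != -1:
        start = end = pos
        while data[end:end + n] == canary:        # back-to-back whole copies
            end += n
        k = 0                                      # truncated copy on the right
        while k < n and end + k < len(data) and data[end + k] == canary[k]:
            k += 1
        end += k
        floor = runs[-1][1] + 1 if runs else 0     # never overlap the previous run
        k = 0                                      # truncated copy on the left
        while k < n and start > floor and data[start - 1] == canary[n - 1 - k]:
            start -= 1
            k += 1
        if end - start >= min_len:                 # ignore stray short matches
            runs.append((start, end - 1))
        pos = data.find(canary, end)
    return runs

def build_sample():
    """Constructed stand-in for the .EXE: zero bytes around a marker-tiled region."""
    size = 0x15000 - 0x6000                        # 0x6000..0x14FFF, as in the post
    tiled = CANARY * (size // len(CANARY) + 2)
    leaked = tiled[7:7 + size]                     # begins mid-marker
    return b"MZ" + bytes(0x6000 - 2) + leaked + bytes(0x1000)

if __name__ == "__main__":
    for start, end in find_canary_runs(build_sample()):
        print(f"marker fill at 0x{start:X}-0x{end:X} ({end - start + 1} bytes)")
```

A hit shows that wiped free space reached the file; a clean result says nothing about space that was never wiped with the marker.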

------------------------------
[part of digest snipped]
------------------------------

Date: 12 Feb 2001 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 SEND DIRECT E-MAIL REQUESTS to  with one-line,
   SUBSCRIBE (or UNSUBSCRIBE)
 which now requires confirmation to majordomo@CSL.sri.com (not to risks-owner)
 [with option of E-mail address if not the same as FROM: on the same line,
 which requires PGN's intervention -- to block spamming subscriptions, etc.] or
   INFO     [for unabridged version of RISKS information]
 .MIL users should contact  (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html
 ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
   Lindsay Marshall has also added to the Newcastle catless site a
   palmtop version of the most recent RISKS issue and a WAP version that
   works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/
 ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    http://www.csl.sri.com/illustrative.html for browsing,
    http://www.csl.sri.com/illustrative.pdf or .ps for printing
------------------------------

End of RISKS-FORUM Digest 21.50
************************


Email me at: sdean12@sdean12.org
