Peter Norton wrote:
To explore the content of exe file produced by gpc I compiled foo.pas - just "begin end.". It gave me 349.322 bytes exe file. Open it with hex editor I was wondered with content - there are a small manual how to use RTS (?), alot of zeros ... and a few web addresses I visited a few days ago! I have compiled one more time with -s switch. Again the visited addresses from the history of my Opera 6.05 I used hour before. Exploring it closer I found that some random memory dump is embeding in to exe. Who knows what will be there the next time - may be an accout's passwords or credit card detail you entered some days ago in browser. It placed after second 'msvcrt.dll' followed by two zeros and always is 328 bytes. I saved a few samples if someone will be interest. I use GPC under MinGW on Windows 98SE. Is it known issue?
AFAIK, it's a known issue ... of certain Windows versions. I've seen similar reports about MS-Word files etc.
The problem is that these Windows versions do not protect memory adequately, so newly allocated memory and/or memory paged out and back in can contain data from other processes.
I suppose that the NT-based versions will do better, but I'm not sure since I don't use any of them myself.
So, the moral is that *any* file created on Windows 98 etc. (except text files etc. where you can see exactly what they contain) may reveal sensible data when given to someone else. (Even if you don't see anything suspicious in a hex editor for a given file, that doesn't mean much since there could be binary data leaked.) What this means on a networked PC (apart from the "regular" insecurities and vulnerabilities) is up to you to imagine ...
Frank