This is the mail archive of the
mailing list for the Cygwin project.
RE: Security Issues found by Microsoft's Application Verifier
- From: "Bill McCormick" <wpmccormick at covad dot net>
- To: <cygwin at cygwin dot com>
- Date: Mon, 18 Aug 2003 21:31:07 -0500
- Subject: RE: Security Issues found by Microsoft's Application Verifier
- Reply-to: <wpmccormick at covad dot net>
Death to sales guys
> Microsoft's Application Verifier (free) software identified this issue
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an
> excessively permissive security descriptor. Depending on the
> permissions granted (detailed in the log entry), an unauthorized user
> could perform illegitimate actions on the object (for example, delete
> it). This could disrupt application operation in different ways,
> depending on the permissions granted and what they mean for the object
> in question.
> called from cygpath.exe, make.exe, and just about every other binary
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping:
> cygpid.7BC has a NULL DACL - grants full access to all users
> Please send replies directly to me also as I am not a list subscriber.
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 8/1/2003
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html