This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Security Issues found by Microsoft's Application Verifier

Death to sales guys

> Microsoft's Application Verifier (free) software identified this issue 
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an 
> excessively permissive security descriptor.  Depending on the 
> permissions granted (detailed in the log entry), an unauthorized user 
> could perform illegitimate actions on the object (for example, delete 
> it).  This could disrupt application operation in different ways, 
> depending on the permissions granted and what they mean for the object 
> in question.
> called from cygpath.exe, make.exe, and just about every other binary 
> executable
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping: 
> cygpid.7BC has a NULL DACL - grants full access to all users
> Please send replies directly to me also as I am not a list subscriber.

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
Version: 6.0.506 / Virus Database: 303 - Release Date: 8/1/2003

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]