This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Security Issues found by Microsoft's Application Verifier


Death to sales guys

> Microsoft's Application Verifier (free) software identified this issue 
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an 
> excessively permissive security descriptor.  Depending on the 
> permissions granted (detailed in the log entry), an unauthorized user 
> could perform illegitimate actions on the object (for example, delete 
> it).  This could disrupt application operation in different ways, 
> depending on the permissions granted and what they mean for the object 
> in question.
> 
> called from cygpath.exe, make.exe, and just about every other binary 
> executable
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping: 
> cygpid.7BC has a NULL DACL - grants full access to all users
> 
> Please send replies directly to me also as I am not a list subscriber.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 8/1/2003
 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]