Security Issues found by Microsoft's Application Verifier
Bill McCormick
wpmccormick@covad.net
Tue Aug 19 02:51:00 GMT 2003
Death to sales guys
> Microsoft's Application Verifier (free) software identified this issue
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an
> excessively permissive security descriptor. Depending on the
> permissions granted (detailed in the log entry), an unauthorized user
> could perform illegitimate actions on the object (for example, delete
> it). This could disrupt application operation in different ways,
> depending on the permissions granted and what they mean for the object
> in question.
>
> called from cygpath.exe, make.exe, and just about every other binary
> executable
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping:
> cygpid.7BC has a NULL DACL - grants full access to all users
>
> Please send replies directly to me also as I am not a list subscriber.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.506 / Virus Database: 303 - Release Date: 8/1/2003
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list