This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Security Issues found by Microsoft's Application Verifier


Microsoft's Application Verifier (free) software identified this issue in just about every Cygwin executable:
The application assigned an object (file, registry key, etc.) an excessively permissive security descriptor. Depending on the permissions granted (detailed in the log entry), an unauthorized user could perform illegitimate actions on the object (for example, delete it). This could disrupt application operation in different ways, depending on the permissions granted and what they mean for the object in question.


called from cygpath.exe, make.exe, and just about every other binary executable
(cygwin1.dll:00056726) Object created/set by CreateFileMapping: cygpid.7BC has a NULL DACL - grants full access to all users


Please send replies directly to me also as I am not a list subscriber.

--
Brant Langer Gurganus
Take control, use Firebird.
http://www.mozilla.org/products/firebird



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]