This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Security Issues found by Microsoft's Application Verifier
- From: Brant Langer Gurganus <brantgurganus2001 at cherokeescouting dot org>
- To: cygwin at cygwin dot com
- Date: Mon, 18 Aug 2003 21:24:40 -0500
- Subject: Security Issues found by Microsoft's Application Verifier
Microsoft's Application Verifier (free) software identified this issue
in just about every Cygwin executable:
The application assigned an object (file, registry key, etc.) an
excessively permissive security descriptor. Depending on the
permissions granted (detailed in the log entry), an unauthorized user
could perform illegitimate actions on the object (for example, delete
it). This could disrupt application operation in different ways,
depending on the permissions granted and what they mean for the object
in question.
called from cygpath.exe, make.exe, and just about every other binary
executable
(cygwin1.dll:00056726) Object created/set by CreateFileMapping:
cygpid.7BC has a NULL DACL - grants full access to all users
Please send replies directly to me also as I am not a list subscriber.
--
Brant Langer Gurganus
Take control, use Firebird.
http://www.mozilla.org/products/firebird
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/