Security Issues found by Microsoft's Application Verifier

Brant Langer Gurganus brantgurganus2001@cherokeescouting.org
Tue Aug 19 02:38:00 GMT 2003

• Previous message (by thread): vi startup problem
• Next message (by thread): Security Issues found by Microsoft's Application Verifier
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Microsoft's Application Verifier (free) software identified this issue 
in just about every Cygwin executable:
The application assigned an object (file, registry key, etc.) an 
excessively permissive security descriptor. Depending on the 
permissions granted (detailed in the log entry), an unauthorized user 
could perform illegitimate actions on the object (for example, delete 
it). This could disrupt application operation in different ways, 
depending on the permissions granted and what they mean for the object 
in question.
called from cygpath.exe, make.exe, and just about every other binary 
executable
(cygwin1.dll:00056726) Object created/set by CreateFileMapping: 
cygpid.7BC has a NULL DACL - grants full access to all users
Please send replies directly to me also as I am not a list subscriber.
-- 
Brant Langer Gurganus
Take control, use Firebird.
http://www.mozilla.org/products/firebird
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/

---

• Previous message (by thread): vi startup problem
• Next message (by thread): Security Issues found by Microsoft's Application Verifier
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Cygwin mailing list