Mail Archives: cygwin/2003/08/18/22:25:04

www.delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2003/08/18/22:25:04

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Message-ID: <3F418A68.1090905@cherokeescouting.org>

Date: Mon, 18 Aug 2003 21:24:40 -0500

From: Brant Langer Gurganus <brantgurganus2001 AT cherokeescouting DOT org>

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030813 Thunderbird/0.2a

X-Accept-Language: en-us, en

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Security Issues found by Microsoft's Application Verifier

X-Antivirus: avast! (VPS 8/14/2003), Outbound message

X-Antivirus-Status: Clean

Microsoft's Application Verifier (free) software identified this issue 
in just about every Cygwin executable:
The application assigned an object (file, registry key, etc.) an 
excessively permissive security descriptor.  Depending on the 
permissions granted (detailed in the log entry), an unauthorized user 
could perform illegitimate actions on the object (for example, delete 
it).  This could disrupt application operation in different ways, 
depending on the permissions granted and what they mean for the object 
in question.

called from cygpath.exe, make.exe, and just about every other binary 
executable
(cygwin1.dll:00056726) Object created/set by CreateFileMapping: 
cygpid.7BC has a NULL DACL - grants full access to all users

Please send replies directly to me also as I am not a list subscriber.

-- 
Brant Langer Gurganus
Take control, use Firebird.
http://www.mozilla.org/products/firebird



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Message-ID:	<3F418A68.1090905@cherokeescouting.org>
Date:	Mon, 18 Aug 2003 21:24:40 -0500
From:	Brant Langer Gurganus <brantgurganus2001 AT cherokeescouting DOT org>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030813 Thunderbird/0.2a
X-Accept-Language:	en-us, en
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Security Issues found by Microsoft's Application Verifier
X-Antivirus:	avast! (VPS 8/14/2003), Outbound message
X-Antivirus-Status:	Clean