Mail Archives: cygwin/2003/08/18/22:32:06

Reply-To: <wpmccormick AT covad DOT net>
From: "Bill McCormick" <wpmccormick AT covad DOT net>
To: <cygwin AT cygwin DOT com>
Subject: RE: Security Issues found by Microsoft's Application Verifier
Date: Mon, 18 Aug 2003 21:31:07 -0500
Message-ID: <NDBBLLFMLFMANIDPNADCOELDFEAA.wpmccormick@covad.net>
In-Reply-To: <3F418A68.1090905@cherokeescouting.org>

Death to sales guys

> Microsoft's Application Verifier (free) software identified this issue 
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an 
> excessively permissive security descriptor.  Depending on the 
> permissions granted (detailed in the log entry), an unauthorized user 
> could perform illegitimate actions on the object (for example, delete 
> it).  This could disrupt application operation in different ways, 
> depending on the permissions granted and what they mean for the object 
> in question.
> 
> called from cygpath.exe, make.exe, and just about every other binary 
> executable
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping: 
> cygpid.7BC has a NULL DACL - grants full access to all users
> 
> Please send replies directly to me also as I am not a list subscriber.

