Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <3F418A68.1090905@cherokeescouting.org> Date: Mon, 18 Aug 2003 21:24:40 -0500 From: Brant Langer Gurganus User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030813 Thunderbird/0.2a X-Accept-Language: en-us, en MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Security Issues found by Microsoft's Application Verifier Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 8/14/2003), Outbound message X-Antivirus-Status: Clean Microsoft's Application Verifier (free) software identified this issue in just about every Cygwin executable: The application assigned an object (file, registry key, etc.) an excessively permissive security descriptor. Depending on the permissions granted (detailed in the log entry), an unauthorized user could perform illegitimate actions on the object (for example, delete it). This could disrupt application operation in different ways, depending on the permissions granted and what they mean for the object in question. called from cygpath.exe, make.exe, and just about every other binary executable (cygwin1.dll:00056726) Object created/set by CreateFileMapping: cygpid.7BC has a NULL DACL - grants full access to all users Please send replies directly to me also as I am not a list subscriber. -- Brant Langer Gurganus Take control, use Firebird. http://www.mozilla.org/products/firebird -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/