Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Bill McCormick"
Subject: RE: Security Issues found by Microsoft's Application Verifier
Date: Mon, 18 Aug 2003 21:31:07 -0500
In-Reply-To: <3F418A68.1090905@cherokeescouting.org>

Death to sales guys

> Microsoft's Application Verifier (free) software identified this issue
> in just about every Cygwin executable:
> The application assigned an object (file, registry key, etc.) an
> excessively permissive security descriptor. Depending on the
> permissions granted (detailed in the log entry), an unauthorized user
> could perform illegitimate actions on the object (for example, delete
> it). This could disrupt application operation in different ways,
> depending on the permissions granted and what they mean for the object
> in question.
>
> called from cygpath.exe, make.exe, and just about every other binary
> executable
> (cygwin1.dll:00056726) Object created/set by CreateFileMapping:
> cygpid.7BC has a NULL DACL - grants full access to all users
>
> Please send replies directly to me also as I am not a list subscriber.
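Added example, not part of the original message or of Cygwin's code: the quoted finding rests on the difference between a NULL DACL (no access control at all) and a DACL that is present but restrictive. The Python below classifies security descriptors written in SDDL form and flags allow ACEs that give broad principals modify or delete rights; the function names and sample strings are constructed for illustration, and conditional or object ACEs are not examined.

```python
import re

# SDDL SID aliases for broad principals (the SID is the sixth ACE field).
BROAD_SIDS = {"WD": "Everyone", "AN": "Anonymous",
              "AU": "Authenticated Users", "BU": "Users"}
# Rights tokens (third ACE field) that let a caller modify or delete the object:
# generic all/write, DELETE, WRITE_DAC ("WD" here is a right, not a SID), WRITE_OWNER.
RISKY_TOKENS = {"GA", "GW", "SD", "WD", "WO", "FA", "KA"}
# The same rights as access-mask bits, for ACEs that carry a hex mask.
RISKY_MASK = 0x10000000 | 0x40000000 | 0x00010000 | 0x00040000 | 0x00080000
# "D:" component: optional DACL flags followed by zero or more "(ace)" strings.
DACL_RE = re.compile(r"D:((?:NO_ACCESS_CONTROL|AR|AI|P)*)((?:\([^)]*\))*)")

def risky_rights(rights):
    """True if an ACE rights field (token string or hex mask) has a risky right."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & RISKY_MASK)
    tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(tokens & RISKY_TOKENS)

def audit_dacl(sddl):
    """Return (kind, findings); kind is 'null', 'empty' or 'explicit'."""
    m = DACL_RE.search(sddl)
    if m is None or "NO_ACCESS_CONTROL" in m.group(1):
        # No DACL on the object: Windows grants every caller full access.
        return "null", ["no DACL: full access for all users"]
    aces = re.findall(r"\(([^)]*)\)", m.group(2))
    if not aces:
        # A present but empty DACL is the opposite case: it grants nothing.
        return "empty", []
    findings = []
    for ace in aces:
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # only plain access-allowed ACEs are examined
        rights, sid = fields[2], fields[5]
        if sid in BROAD_SIDS and risky_rights(rights):
            findings.append(f"{BROAD_SIDS[sid]} allowed {rights}")
    return "explicit", findings

# Constructed sample descriptors (not taken from any Application Verifier log).
SAMPLES = {
    "null_dacl": "O:BAG:SYD:NO_ACCESS_CONTROL",
    "empty_dacl": "O:BAG:SYD:",
    "everyone_full": "O:BAG:SYD:(A;;GA;;;WD)",
    "restricted": "O:BAG:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GR;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_dacl(sddl))
```

The check is conservative: it ignores ACE ordering, so an earlier deny ACE for the same principal does not suppress a finding.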