Closed janwilmans closed 5 years ago
the latest version of debugview removes the DACL from the outputdebugstring buffer handle using SetSecurityInfo (win32) to be able to see debug messages from special processes such as explorer extensions, as per user request. To be able to access the buffer at all you have to have admin+debug privileges. I guess using the SetSecurityInfo from a application running as administrator with debug privileges should not be a security risk?
mitigation: added DACL_MODIFY macro to disabled access to Get/SetSecurityInfo API, this is really unfortunate, but having no debugview++ at all is worse than missing messages from certain processes.
hm, even when completely removing any mention of the Get/SetSecurityInfo API including the 'includes' to access it, the 'reputation' is now a problem.
stopped being flagged as a security risk ... closing
Symantec False Positive report form is here: https://submit.symantec.com/false_positive/ Please try
Already reported it months ago. no response so far.
https://github.com/CobaltFusion/DebugViewPP/releases/tag/1.8.0.16