Mail Archives: cygwin/2010/08/07/19:34:15
On 8/7/2010 5:23 PM, cbsa01 AT bangor DOT ac DOT uk wrote:
> many thanks for your reply. On why we need cygwin: the language model we use is IRSTLM. The native
> windows build of Moses does not currently use IRSTLM LMs.
I know next to nothing about Moses, so I'll just trust you on this one!
> I have been reading up a bit about debasing DLLs, and I gather from
> http://www.codeproject.com/KB/DLL/RebaseDll.aspx that the purpose is to avoid either two or more
> DLLs using the same preferred base addresses, or the overheads of relocation. However, on
> http://social.msdn.microsoft.com/Forums/en-US/vcgeneral/thread/bac7e300-f3df-4087-9c4b-847880d625ad,
> it is suggested that from Vista onwards, it is better to leave this to the operating systems's ASLR
> (Address space layout randomization) in order to help defeat a ?return-to-libc? attack. Do you agree
> with this? If it is still necessary to do a rebase, what does your script do that rebaseall doesn't?
The problem is that the address space randomization interferes with how
cygwin support fork(). Suppose a parent process maps library A at
address X, but does not map library B at all. Then suppose a forked
process is not yet using library A, and ends up mapping library B
at an address that overlaps X. Then the child reaches a point where
it needs to use library A. The implementation of cygwin requires
that if a parent and child use the same library, it must be at the
same address. Therefore the child's mapping attempt will block.
That gives a sense of the scenario. That may not be the exact
case, but it's like that. Basically, we need to guarantee that all
cygwin dlls map to different preferred places.
Yes, this defeats the OS attempt to defeat a security attack.
My script finds and rebases every dll file that cygwin 'find' can
locate, while rebaseall only does certain directories. For me,
the difference lies in (at least) some perl-related dlls that are
not where rebaseall looks.
Another important thing is that the distance between preferred
locations needs to be a little bigger than the default for rebase,
on Vista (and Windows 7). This is an obscure thing that Corinna
found a while back and took me quite a while to locate in old
email threads, but before I set that parameter, rebasing did not
work right for me and after adding that it did. Maybe they have
changed the default by now, but I don't think so.
> Re UAC prompts: this does look annoying but corporate security regulations may prevent us from
> turning it off completely. Is there some way to turn it off for individual programs without using
> third-party software?
That lies outside my expertise. I just turned it off.
Best wishes -- Eliot Moss
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -