X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=Bs0+OckwHi3y4+UGgIEHBOje7w/AN
	5duCScXyjRmde89MOhhwWlicG/OH+dHz495ZMRZZZ0Vdl975E0YpKpiawtZGru1w
	7Wrt0HQM/9f9JNJ9tDBvUJ5KQN2/hi7qiIUALMJFfXUEyK+h/ZKpm4gfpMrE7HfN
	id9t/DnmxI6I1A=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=ybKgFLjLLmStbgh7dsBTx+cjyYc=; b=jVY
	3jzue42Q0DJFHcTqP2i7LRJa337AgCcpm6l5f0vzjDo9CQYEeRdlnm2JH+UJM71n
	RH/NkdO/Zg325UrC9oGAbMpTSlF9gGcp8OCDj1vSGol9KByV/pNiwHMiiP1VZr0h
	fTqeMMFfIouJrfru1qzVcWPESphkjlTmgljQ+4UA=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=images
X-HELO:	mail-io0-f172.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=FR6V3k5is5/2cpq7fKeUVR50CW5MwLNnSHYpfP3dCzY=; b=svX6dY6ltVvWFAkYH+KfFj2f03hUr2uMrRh4UEjgIS4KSjhmCzuYGJUfgnuA4mAxZH sgbxxiKZAxOCxLyzYSY5wsR2hIytilIFZygR0eewCbxuV1H15y7TY75cCZLu7ty9HkZ/ 3ZgayYKUXS53S1WqdofqJaWWIpg14zJ5kDfG6TcmRBWgbzOENKgec9jIzhjaxlsOLz0i DeqdR8waROTZqJ3B0Uinn759JeYTW3dJGGb/xhZiwR9WQpxa7i+sWk10fwPQRakZTJO4 NBLYFShN+a6p9pRkcUHGSI9l7wnS/rkD0rbR7X+WpQ28pz7GT9mf6AMTDrJ65lOSdfCH WmRw==
X-Gm-Message-State:	AKwxytcbadReWEZKfbgmtpjVlejzaIezHedM/LybQSZ1SZ9DSRzDLyzM U2A5G8Tt3R6DgEZkz6J0mF8cbeMqUYJrRGqRQfgfg1tx
X-Google-Smtp-Source:	ACJfBov3WjGQ4urOr/8fHuCWw8dIO6I1bgC6YPd4I6lBTAEaxt88oNSGrgNEFvbww1u8KghRAl8E7hzkvTmVVkRrF4c=
X-Received:	by 10.107.137.96 with SMTP id l93mr18120779iod.212.1515581262499; Wed, 10 Jan 2018 02:47:42 -0800 (PST)
MIME-Version:	1.0
From:	Erik Bray <erik DOT m DOT bray AT gmail DOT com>
Date:	Wed, 10 Jan 2018 11:47:41 +0100
Message-ID:	<CAOTD34bhySjm8LiMPXsxhgrFdwqMFN9K1bm5KAjsN3pLmNOP4w@mail.gmail.com>
Subject:	Windows Defender Exploit Guard
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes

Hi all,

I've seen some reports, and encountered some problems myself, with the
new "Windows Defender Exploit Guard" [1] w.r.t. Cygwin.  This enables
a number of anti-exploit protections, at least some of which might be
a problem for Cygwin--in particular "Force randomization for images
(Mandatory ASLR)" as the name suggests forces address space
randomization even for DLLs, for example, with a fixed image base.
Possibly some others are also a problem for Cygwin but I'm not sure.

Fortunately, these settings can be customized on a per-executable
basis, and this can be done programmatically with powershell:
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection

Maybe for Cygwin we will want to include something like a companion
script to rebase that applies the necessary exploit protection
exceptions for Cygwin binaries... :(

Best,
Erik

[1] https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -