Mail Archives: cygwin/2018/02/14/02:17:16

Subject: Re: W10 Mandatory ASLR default
To: cygwin AT cygwin DOT com
References: <8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg AT mail DOT gmail DOT com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846 AT ferzkopp DOT net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f AT SystematicSw DOT ab DOT ca>
From: Thomas Wolff <towo AT towo DOT net>
Message-ID: <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>
Date: Wed, 14 Feb 2018 08:17:01 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <dd3a6a82-19bb-eb84-51df-5d1cde39315f@SystematicSw.ab.ca>

On 14.02.2018 at 04:25, Brian Inglis wrote:
> On 2018-02-12 21:58, Andreas Schiffler wrote:
>> Found the workaround (read: not really a solution as it leaves the system
>> vulnerable, but it unblocks cygwin)
>> - Go to Windows Defender Security Center - Exploit protection settings
>> - Disable System Settings - Force randomization for images (Mandatory ASLR) and
>> Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by
>> default"
>>
>> Now setup.exe works and can rebase everything; after that Cygwin Terminal starts
>> as a working shell without problems.
>>
>> @cygwin devs - It seems one of the windows updates (system is on 1709 build
>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e.
>> see
>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>> thread about this topic here
>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>> This change might have made it into the system as part of the security update
>> for Meltdown+Spectre (I am speculating), but that could explain why my cygwin
>> installation that worked fine before (i.e. mid-2017) stopped working suddenly
>> (beginning 2018). It would be good to devise a test for the setup.exe that
>> checks the registry (likely
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>> for this state and alerts the user.
> I'm on W10 Home 1709/16299.192 (slightly older).
>
> Under Windows Defender Security Center/App & browser control/Exploit
> protection/Exploit protection settings/System settings/Force randomization for
> images (Mandatory ASLR) - "Force relocation of images not compiled with
> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all
> other settings are "On by default".
>
> Under Windows Defender Security Center/App & browser control/Exploit
> protection/Exploit protection settings/Program settings various .exes have 0-2
> system overrides of settings.
>
> I used the Export settings selection at the bottom to export the settings, which
> use the implied System settings defaults, and include the Program settings
> system overrides shown in the attached xml file.
>
> It may be useful if you could export your default and updated settings for
> comparison and information.
> It would be nice if one of the project volunteers with Windows threat mitigation
> knowledge could look at these, to see if there is a better approach.
>
> I expect to get updated the next time I restart, as I have been seeing
> notifications to that effect, and will not be surprised if my system startup
> Cygwin shell scripts fail.
I guess Andreas' suggestion is confirmed by 
https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
Thomas
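
One way to do the comparison of exported settings asked for in the quoted message, as an added example that is not part of the thread or of Cygwin's own code: diff two Exploit protection exports for the two ASLR settings under discussion. The `MitigationPolicy`, `SystemConfig`, `AppConfig` and `ASLR` element names and the `ForceRelocateImages` and `BottomUp` attributes are an assumption about the export format, and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET

ASLR_FLAGS = ("ForceRelocateImages", "BottomUp")

# Constructed sample exports, not the attachment from the thread. Element and
# attribute names are an assumption about the export format.
APP = '<AppConfig Executable="example.exe"><ASLR ForceRelocateImages="true"/></AppConfig>'
BEFORE = "<MitigationPolicy>" + APP + "</MitigationPolicy>"
AFTER = ("<MitigationPolicy><SystemConfig>"
         '<ASLR ForceRelocateImages="true" BottomUp="true"/>'
         "</SystemConfig>" + APP + "</MitigationPolicy>")


def aslr_settings(xml_text):
    """Map scope ('system' or an executable name) to {flag: value}.

    A flag missing from the export is reported as 'default', because the
    thread notes that the export relies on implied system defaults.
    """
    result = {"system": dict.fromkeys(ASLR_FLAGS, "default")}
    for node in ET.fromstring(xml_text):
        if node.tag not in ("SystemConfig", "AppConfig"):
            continue
        scope = "system" if node.tag == "SystemConfig" else node.get("Executable", "?")
        flags = result.setdefault(scope, dict.fromkeys(ASLR_FLAGS, "default"))
        aslr = node.find("ASLR")
        if aslr is not None:
            for flag in ASLR_FLAGS:
                flags[flag] = aslr.get(flag, "default").lower()
    return result


def diff_aslr(before_xml, after_xml):
    """Return (scope, flag, before, after) for every ASLR flag that changed."""
    before, after = aslr_settings(before_xml), aslr_settings(after_xml)
    unset = dict.fromkeys(ASLR_FLAGS, "default")
    return [(scope, flag, before.get(scope, unset)[flag], after.get(scope, unset)[flag])
            for scope in sorted(set(before) | set(after))
            for flag in ASLR_FLAGS
            if before.get(scope, unset)[flag] != after.get(scope, unset)[flag]]


def system_mandatory_aslr(xml_text):
    """True when the export forces image relocation system-wide."""
    return aslr_settings(xml_text)["system"]["ForceRelocateImages"] == "true"


if __name__ == "__main__":
    for scope, flag, old, new in diff_aslr(BEFORE, AFTER):
        print(f"{scope}: {flag} {old} -> {new}")
    print("system-wide Mandatory ASLR:", system_mandatory_aslr(AFTER))
```
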
