Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Subject: | Re: W10 Mandatory ASLR default |
To: | cygwin AT cygwin DOT com |
References: | <8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg AT mail DOT gmail DOT com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846 AT ferzkopp DOT net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f AT SystematicSw DOT ab DOT ca> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163 AT towo DOT net> |
From: | Andreas Schiffler <aschiffler AT ferzkopp DOT net> |
Message-ID: | <aff8daa3-a958-acd2-66ca-579751981c9a@ferzkopp.net> |
Date: | Tue, 13 Feb 2018 23:36:52 -0800 |
User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
MIME-Version: | 1.0 |
In-Reply-To: | <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net> |
Here is the registry state:

Mandatory ASLR off

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00

Mandatory ASLR on

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00

On 2/13/2018 11:17 PM, Thomas Wolff wrote:
> On 14.02.2018 at 04:25, Brian Inglis wrote:
>> On 2018-02-12 21:58, Andreas Schiffler wrote:
>>> Found the workaround (read: not really a solution as it leaves the system
>>> vulnerable, but it unblocks cygwin)
>>> - Go to Windows Defender Security Center - Exploit protection settings
>>> - Disable System Settings - Force randomization for images (Mandatory ASLR)
>>>   and Randomize memory allocations (Bottom-up ASLR) from "On by default" to
>>>   "Off by default"
>>>
>>> Now setup.exe works and can rebase everything; after that Cygwin Terminal
>>> starts as a working shell without problems.
>>>
>>> @cygwin devs - It seems one of the windows updates (system is on 1709 build
>>> 16299.214) might have changed my ASLR settings to "system wide mandatory"
>>> (i.e. see
>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>>> thread about this topic here
>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>>> This change might have made it into the system as part of the security
>>> update for Meltdown+Spectre (I am speculating), but that could explain why
>>> my cygwin installation that worked fine before (i.e. mid-2017) stopped
>>> working suddenly (beginning 2018). It would be good to devise a test for the
>>> setup.exe that checks the registry (likely
>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>>> for this state and alerts the user.
>> I'm on W10 Home 1709/16299.192 (slightly older).
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/System settings/Force randomization
>> for images (Mandatory ASLR) - "Force relocation of images not compiled with
>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
>> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and
>> all other settings are "On by default".
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/Program settings various .exes have
>> 0-2 system overrides of settings.
>>
>> I used the Export settings selection at the bottom to export the settings,
>> which use the implied System settings defaults, and include the Program
>> settings system overrides shown in the attached xml file.
>>
>> It may be useful if you could export your default and updated settings for
>> comparison and information.
>> It would be nice if one of the project volunteers with Windows threat
>> mitigation knowledge could look at these, to see if there is a better
>> approach.
>>
>> I expect to get updated the next time I restart, as I have been seeing
>> notifications to that effect, and will not be surprised if my system startup
>> Cygwin shell scripts fail.
> I guess Andreas' suggestion is confirmed by
> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
> Thomas
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
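
Added example (not part of the original message and not Cygwin's setup.exe code): a decoder for the two "MitigationOptions" values posted above, showing the kind of registry check the thread asks for. It assumes the REG_BINARY value is little-endian and uses the 2-bit fields of the Windows SDK PROCESS_CREATION_MITIGATION_POLICY_* constants; the function names are hypothetical.

```python
# Added example: decode the two "MitigationOptions" exports quoted in the message.
# Assumption: the REG_BINARY is little-endian and uses the 2-bit fields of the
# Windows SDK PROCESS_CREATION_MITIGATION_POLICY_* constants.

FIELDS = {  # policy -> bit offset of its 2-bit field
    "force_relocate_images": 8,   # "Force randomization for images (Mandatory ASLR)"
    "bottom_up_aslr": 16,         # "Randomize memory allocations (Bottom-up ASLR)"
    "high_entropy_aslr": 20,
}
# 3 is defined by the SDK only for forced relocation (ALWAYS_ON_REQ_RELOCS).
STATES = {0: "default", 1: "on", 2: "off", 3: "on-req-relocs"}

# The two values exactly as posted in the message.
ASLR_OFF = '"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00'
ASLR_ON = '"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00'


def parse_reg_hex(line):
    """Turn a .reg 'name=hex:..' line into the integer the bytes encode."""
    name, sep, data = line.strip().partition("=hex:")
    if not sep or name.strip('"') != "MitigationOptions":
        raise ValueError("not a MitigationOptions REG_BINARY line")
    # .reg files may wrap long values with a trailing backslash; drop it.
    raw = bytes(int(b, 16) for b in data.replace("\\", "").split(",") if b.strip())
    return int.from_bytes(raw, "little")


def decode(value):
    """Map each ASLR-related 2-bit field to its state name."""
    return {name: STATES[(value >> shift) & 0x3] for name, shift in FIELDS.items()}


def setup_warning(value):
    """Return an alert string when image relocation is forced system-wide."""
    state = decode(value)["force_relocate_images"]
    if state.startswith("on"):
        return ("Mandatory ASLR is forced system-wide (%s); "
                "Cygwin DLLs may not work correctly" % state)
    return None


if __name__ == "__main__":
    for label, line in (("off", ASLR_OFF), ("on", ASLR_ON)):
        value = parse_reg_hex(line)
        print(label, hex(value), decode(value), setup_warning(value))
```

Under that assumption the "on" export also has Bottom-up ASLR switched on, which agrees with the two settings the workaround changes.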
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |