Mail Archives: cygwin/2018/02/16/01:41:56

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/02/16/01:41:56

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:reply-to:subject:to:references:from:message-id

:date:mime-version:in-reply-to:content-type

:content-transfer-encoding; q=dns; s=default; b=KJaz4ryDqUxzmM0V

627JbJIwIUH9OVIzMRJX+SEVs5+kk4d42NpjOICYO84h2pEAyVciu5rQKWoOdaI4

O/RnU8RmIJQ4Xki9UtL1yUSozDHsOjaFE+NV3er+8W42dcoRLlQTB3LeHlpPeLDH

av9jjDOEWgBiySUO8GJqqBY9LRw=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:reply-to:subject:to:references:from:message-id

:date:mime-version:in-reply-to:content-type

:content-transfer-encoding; s=default; bh=gtFpT4tfIA2XOctjLGzo6G

qOo8A=; b=Ba8TRbCC79HBym9tiWEKYY+4CUm2zKtfWbuXhCN9EY3LabjBrhdyxU

PBB9iyUIrWki4+bifFmE6WgGwQkzJAraOoUms77YEho6+uvGtIJnipM/4OobIs4i

NK4c560wh30/OPjouAvdZbFA+aJ5gx9dHHECSbpLKc7K0X0wrxbtU=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Editor, threat, UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com

X-HELO: smtp-out-so.shaw.ca

X-Authority-Analysis: v=2.3 cv=RPud4bq+ c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=N659UExz7-8A:10 a=yMhMjlubAAAA:8 a=w_pzkKWiAAAA:8 a=NEAV23lmAAAA:8 a=G2M2N0FtD0lCLSTZRxQA:9 a=pILNOxqGKmIA:10 a=uxdnVy1cKkYA:10 a=nFIw9-zvy9kA:10 a=sRI3_1zDfAgwuvI8zelB:22

Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca

Subject: Re: W10 Mandatory ASLR default

To: cygwin AT cygwin DOT com

References: <8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg AT mail DOT gmail DOT com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846 AT ferzkopp DOT net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f AT SystematicSw DOT ab DOT ca> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163 AT towo DOT net> <aff8daa3-a958-acd2-66ca-579751981c9a AT ferzkopp DOT net>

From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>

Message-ID: <327030c8-7dfa-8e57-eb70-45e890f8aac2@SystematicSw.ab.ca>

Date: Thu, 15 Feb 2018 23:41:41 -0700

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

MIME-Version: 1.0

In-Reply-To: <aff8daa3-a958-acd2-66ca-579751981c9a@ferzkopp.net>

X-CMAE-Envelope: MS4wfCEwwaBD1KMyYfWTUhTn4zFoPlBjwRKtIyUULB2PEcdrkHq51zWovos4AakYWW2UkQGC7qbmYcpXwDPHsiiWkRVYdyqeA5uV1w4Goef9XBfaYpyOUbZW NM7rfsezxlP5QcnKqWc165FbMHzQxFarNz+AGf3tWAO1THgYJ7r/yftu/WlKv9Ue4udcCj5ljhqWPw==

X-IsSubscribed: yes

On 2018-02-14 00:36, Andreas Schiffler wrote:
> On 2/13/2018 11:17 PM, Thomas Wolff wrote:
>> Am 14.02.2018 um 04:25 schrieb Brian Inglis:
>>> On 2018-02-12 21:58, Andreas Schiffler wrote:
>>>> Found the workaround (read: not really a solution as it leaves the system
>>>> vulnerable, but it unblocks cygwin)
>>>> - Go to Windows Defender Security Center - Exploit protection settings
>>>> - Disable System Settings - Force randomization for images (Mandatory ASLR) and
>>>> Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by
>>>> default"
>>>>
>>>> Now setup.exe works and can rebase everything; after that Cygwin Terminal
>>>> starts as a working shell without problems.

>>>> @cygwin dev's - It seems one of the windows updates (system is on 1709 build
>>>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e.
>>>> see
>>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>>>> thread about this topic here
>>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>>>> It would be good to devize a test for the setup.exe that
>>>> checks the registry (likely
>>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>>>> for this state and alerts the user.
>>> I'm on W10 Home 1709/16299.192 (slightly older).
>>> Under Windows Defender Security Center/App & browser control/Exploit
>>> protection/Exploit protection settings/System settings/Force randomization for
>>> images (Mandatory ASLR) - "Force relocation of images not compiled with
>>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
>>> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all
>>> other settings are "On by default".
>>> Under Windows Defender Security Center/App & browser control/Exploit
>>> protection/Exploit protection settings/Program settings various .exes have 0-2
>>> system overrides of settings.
>>> It would be nice if one of the project volunteers with Windows threat mitigation
>>> knowledge could look at these, to see if there is a better approach.

>> I guess Andreas' suggestion is confirmed by
>> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467

> Here is the registry state:
> Mandatory ASLR off
> Windows Registry Editor Version 5.00
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
> "MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00
> Mandatory ASLR on
> Windows Registry Editor Version 5.00
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
> "MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00

Could setup be updated to reset Mandatory ASLR if the reg keys exist, or an
/etc/postinstall/[0z]p_disable_mandatory_aslr.sh script do a check and reset?

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=KJaz4ryDqUxzmM0V
	627JbJIwIUH9OVIzMRJX+SEVs5+kk4d42NpjOICYO84h2pEAyVciu5rQKWoOdaI4
	O/RnU8RmIJQ4Xki9UtL1yUSozDHsOjaFE+NV3er+8W42dcoRLlQTB3LeHlpPeLDH
	av9jjDOEWgBiySUO8GJqqBY9LRw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=gtFpT4tfIA2XOctjLGzo6G
	qOo8A=; b=Ba8TRbCC79HBym9tiWEKYY+4CUm2zKtfWbuXhCN9EY3LabjBrhdyxU
	PBB9iyUIrWki4+bifFmE6WgGwQkzJAraOoUms77YEho6+uvGtIJnipM/4OobIs4i
	NK4c560wh30/OPjouAvdZbFA+aJ5gx9dHHECSbpLKc7K0X0wrxbtU=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.6 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Editor, threat, UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com
X-HELO:	smtp-out-so.shaw.ca
X-Authority-Analysis:	v=2.3 cv=RPud4bq+ c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=N659UExz7-8A:10 a=yMhMjlubAAAA:8 a=w_pzkKWiAAAA:8 a=NEAV23lmAAAA:8 a=G2M2N0FtD0lCLSTZRxQA:9 a=pILNOxqGKmIA:10 a=uxdnVy1cKkYA:10 a=nFIw9-zvy9kA:10 a=sRI3_1zDfAgwuvI8zelB:22
Reply-To:	Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject:	Re: W10 Mandatory ASLR default
To:	cygwin AT cygwin DOT com
References:	<8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg AT mail DOT gmail DOT com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846 AT ferzkopp DOT net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f AT SystematicSw DOT ab DOT ca> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163 AT towo DOT net> <aff8daa3-a958-acd2-66ca-579751981c9a AT ferzkopp DOT net>
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Message-ID:	<327030c8-7dfa-8e57-eb70-45e890f8aac2@SystematicSw.ab.ca>
Date:	Thu, 15 Feb 2018 23:41:41 -0700
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version:	1.0
In-Reply-To:	<aff8daa3-a958-acd2-66ca-579751981c9a@ferzkopp.net>
X-CMAE-Envelope:	MS4wfCEwwaBD1KMyYfWTUhTn4zFoPlBjwRKtIyUULB2PEcdrkHq51zWovos4AakYWW2UkQGC7qbmYcpXwDPHsiiWkRVYdyqeA5uV1w4Goef9XBfaYpyOUbZW NM7rfsezxlP5QcnKqWc165FbMHzQxFarNz+AGf3tWAO1THgYJ7r/yftu/WlKv9Ue4udcCj5ljhqWPw==
X-IsSubscribed:	yes