| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:to:references:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=rJGG1qDtn0O5cwGy | |
| UCdBVPdIieh6a+PIpN50R5n7fh8It5aE94NjWPzmNtx+F4HUP6kz9/EkUGJCQtac | |
| CHfFfps05nACGFWkmUxcfm0sxr+QwYRLKW2vlFj7JPm7pC80DOo28gaH4dvQHZO2 | |
| VbfqjF5PKlCTy0Wx3YkfyZbeqGQ= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:to:references:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=zYjTEQTwcWgpgxG+p43vAJ | |
| iqs84=; b=TH5Cj2l9L1WqaOxUFlqAdJccYcvrT7HQ6VBnYlJTiTlDkXo/4b+NtF | |
| 6Hsc96/GZE3IPkZghQRNIAQjv33A4yGhNJPWqIeAeyajwYaPlTSyGlZaCZ2eP5Ef | |
| jZB3goPICryxHUBz25k6o4S7ybMa6iW8L/4XmM5ca5RdUsAwg37Ic= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-1.8 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com, clarifying-the-behavior-of-mandatory-aslr, blogstechnetmicrosoftcom |
| X-HELO: | smtp-out-so.shaw.ca |
| X-Authority-Analysis: | v=2.3 cv=D6Jp1MZj c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=N659UExz7-8A:10 a=yMhMjlubAAAA:8 a=kwXqROGhxwQWYeLZ31EA:9 a=pILNOxqGKmIA:10 |
| Reply-To: | Brian DOT Inglis AT SystematicSw DOT ab DOT ca |
| Subject: | Re: W10 Mandatory ASLR default |
| To: | cygwin AT cygwin DOT com |
| References: | <8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg AT mail DOT gmail DOT com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846 AT ferzkopp DOT net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f AT SystematicSw DOT ab DOT ca> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163 AT towo DOT net> <aff8daa3-a958-acd2-66ca-579751981c9a AT ferzkopp DOT net> <327030c8-7dfa-8e57-eb70-45e890f8aac2 AT SystematicSw DOT ab DOT ca> <87bmgmf4e5 DOT fsf AT Rainer DOT invalid> |
| From: | Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca> |
| Message-ID: | <a23b7e8d-8b09-5288-2bc0-fee34aaf9434@SystematicSw.ab.ca> |
| Date: | Sun, 18 Feb 2018 15:40:29 -0700 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <87bmgmf4e5.fsf@Rainer.invalid> |
| X-CMAE-Envelope: | MS4wfBqNRJ1BV+XoNX0KLOFUh/YgMy2nCjTKLh4UZxR9Bf/mZ9AZ7+uyHTFU63Pc3YOOVYIBNfM9X2CvbzG2wtt0lkBZ9YWbmaUzWAVnKzJyq0rfZTKah6kn ZxSLZ47fA8xuXHvYtY1BXFG56Nj05lRJ3JFHETAeWkTjmbe6hTTh5CCiKcFrS4ycAFE8yuB0MluXqA== |
| X-IsSubscribed: | yes |
On 2018-02-18 13:07, Achim Gratz wrote: > Brian Inglis writes: >> Could setup be updated to reset Mandatory ASLR if the reg keys exist, or an >> /etc/postinstall/[0z]p_disable_mandatory_aslr.sh script do a check and reset? > > Both methods would likely be considered hostile by those who are most > likely set these keys and in fact I'd expect them to be re-set by group > policy even if they were changeable in any corporate environment. Note > that forcing mandatory ASLR on non-ASLR-aware executables is not the > default on Windows 10, although beta-testers might have got pushed such > a setting, based on what was reported here and elsewhere. Anyone who > sets this option on his own box without understanding what it really > does gets to keep the broken pieces. My concern is for those who do not set it themselves or are unaware of the impact on Cygwin. Cygwin does not set dynamic base in exes and dlls, so should not be affected unless Mandatory ASLR is set: https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ W7 EMET and EoL 2018 July - upgrade for any future patches: https://technet.microsoft.com/en-us/security/jj653751 I'll be watching carefully after my next W10 Home standard restart, to see if it changes as part of Spectre/Meltdown mitigation. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |