Mail Archives: cygwin/2019/08/09/16:43:15

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: tar 1.29 hangs, when run with strace, it exits with "illegal instruction"
To: cygwin AT cygwin DOT com
References: <CAFWoy7Feu05w0G=PLtwr1160sME8EVFvn57kNdCwxL3_phgzdg AT mail DOT gmail DOT com> <b9ea23d3-3ba7-f4eb-0f77-73c6cebaece9 AT SystematicSw DOT ab DOT ca> <CAFWoy7EhSPDa4_g0y2CHNQWN-5vQaXhdA4BNcy7gy1Ni=APfwQ AT mail DOT gmail DOT com>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp: preference=signencrypt
Message-ID: <632325ad-e043-1a1d-23c1-6c24d6456c5f@SystematicSw.ab.ca>
Date: Fri, 9 Aug 2019 14:42:17 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CAFWoy7EhSPDa4_g0y2CHNQWN-5vQaXhdA4BNcy7gy1Ni=APfwQ@mail.gmail.com>
X-IsSubscribed: yes

On 2019-08-09 13:13, Keith Christian wrote:
> On Wed, Aug 7, 2019 at 9:33 PM Brian Inglis wrote:
>> On 2019-08-07 12:20, Keith Christian wrote:
>>> I am able to run "tar ft somefile.tar" successfully on a Linux
>>> machine, same tar version (1.29.)
>>>
>>> This version hangs up the terminal, does not respond to Ctrl-C or
>>> Ctrl-Z, and terminates with an illegal instruction to the screen, not
>>> reflected in the strace output.
>>>
>>> File cygwin_tar_1_29_illegal_instruction.txt is attached with strace
>>> output, version, and "cygcheck tar" output.
>>
>> Works just fine for me:
>>
>> $ tar ft Downloads/nam.dist.tar
>> README
>> demo/
>> ...
>>
>> You may have some http://www.cygwin.com/acronyms/#BLODA interfering like an AV.
>> The strace shows tar fails in sysfer.dll, which is part of Symantec Endpoint
>> Protection CMC Firewall Application and Device Control, badly written from the
>> number of complaints about it, and as usual with these control and monitoring
>> products, they greatly slow down systems and interfere with work.
>> Deinstall SEP or bypass your cygwin directories.
> Cygwin is on a corporate machine so disabling anything will not be
> easy or allowed.  Can you explain "bypass cygwin directories?"
>
> Cygwin's tar worked recently so must be an "enhancement" in the
> security software or some change in tar that is frowned upon.  I see
> no evidence of Symantec Endpoint software, must be different AV
> software.

Change the AV settings to ignore the file types or directories that cause issues.

SEP includes sysfer.dll, but you may not see much evidence of the product in a
centralized corporate control and monitoring environment, designed solely to
monitor everything and prevent any threat.

The problem is SEP sysfer.dll has a bug which executes an illegal instruction,
probably by calling a method via a bad pointer, incorrectly set up or clobbered
earlier by the AV, while interfering with tar's operation.

The difference may be in what the tar file contains.
A lot of Windows products block file types rather than file contents.

Untarring, renaming (as ...#.dat), and retarring under Linux (with the old and
new names in a manifest or a script to rename back) can often bypass dumb checks.

Some of their "advanced", "smart", or "AI" products or features attempt blocks
if certain data contents are seen or calls are made as they are considered
problematic and characteristic of malware: of course, most are false positives!

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
