Mail Archives: cygwin/2024/02/08/21:18:22

Date: Thu, 08 Feb 2024 18:17:39 -0800
To: Jon Turney <jon DOT turney AT dronecode DOT org DOT uk>
Cc: cygwin-announce AT cygwin DOT com, The Cygwin Mailing List <cygwin AT cygwin DOT com>
Subject: Re: Updated: setup (2.930)
In-Reply-To: <6a25c776-98bb-4240-8a57-7081324c5a05@dronecode.org.uk>
References: <6a25c776-98bb-4240-8a57-7081324c5a05 AT dronecode DOT org DOT uk>
User-Agent: Roundcube Webmail/1.4.15
Message-ID: <23db00778577ab0853fe1026befb9fe8@kylheku.com>
From: Kaz Kylheku via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Kaz Kylheku <kaz AT kylheku DOT com>

On 2024-02-07 11:57, Jon Turney via Cygwin wrote:
> A new version of Setup (2.930) has been uploaded to:
> 
>  https://cygwin.com/setup-x86_64.exe  (64 bit version)
>  https://cygwin.com/setup-x86.exe     (32 bit version)
> 
> Changes compared to 2.929:
> 
> - Add some hardening against "DLL hijacking" attacks (Thanks to Corinna Vinschen for doing all the thinking involved)

Is this because of the report submitted by Suman Chakraborty?

I didn't see any public response confirming that there is any problem, and that action would be taken.

I see the commit: https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c

I'm curious, what improvement arises out of looking up the SetDefaultDllDirectories
function dynamically in kernel32.dll?

Is it the case that malicious software can interpose itself somehow such that
the statically linked SetDefaultDllDirectories call goes elsewhere other than
kernel32.dll, which we can thwart by asking for the genuine article in kernel32.dll?

(If this fixes the problem for Suman, he has some malware or antivirus crap on his PC.)
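
The run-time lookup the message asks about, as an added example that is not part of the original post and not the code from the Setup commit. It also shows the fallback path: on a Windows version whose kernel32.dll lacks the export, a static import would keep the executable from loading at all, whereas `GetProcAddress` simply returns NULL. The `harden_result` codes, the name `harden_dll_search` and the choice of `LOAD_LIBRARY_SEARCH_SYSTEM32` are assumptions made for illustration.

```c
/* Added example (not the Setup commit): run-time lookup of SetDefaultDllDirectories. */
#include <stdio.h>

enum harden_result {          /* hypothetical result codes for this example */
    HARDEN_OK,                /* default DLL search path restricted */
    HARDEN_API_MISSING,       /* kernel32.dll does not export the function */
    HARDEN_CALL_FAILED,       /* export found, but the call returned FALSE */
    HARDEN_NOT_WINDOWS        /* built for another OS; nothing to do */
};

#ifdef _WIN32
#include <windows.h>
#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32
#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800  /* value from the Windows SDK */
#endif

typedef BOOL (WINAPI *set_default_dll_dirs_fn)(DWORD);

enum harden_result harden_dll_search(void)
{
    /* kernel32.dll is already mapped into every Win32 process, so this
       takes a handle to the loaded module and triggers no DLL search. */
    HMODULE k32 = GetModuleHandleW(L"kernel32.dll");
    if (k32 == NULL)
        return HARDEN_API_MISSING;

    /* No import-table entry is created for the function, so the image
       still loads on systems where the export does not exist. */
    set_default_dll_dirs_fn fn = (set_default_dll_dirs_fn)(void *)
        GetProcAddress(k32, "SetDefaultDllDirectories");
    if (fn == NULL)
        return HARDEN_API_MISSING;

    /* Assumed policy: later LoadLibrary calls that give no path search
       only the System32 directory, not the application or current one. */
    return fn(LOAD_LIBRARY_SEARCH_SYSTEM32) ? HARDEN_OK : HARDEN_CALL_FAILED;
}
#else
enum harden_result harden_dll_search(void) { return HARDEN_NOT_WINDOWS; }
#endif

int main(void)
{
    enum harden_result r = harden_dll_search();
    printf("harden_dll_search() -> %d\n", (int)r);
    /* A caller that must not run unhardened would exit on anything but OK. */
    return (r == HARDEN_OK || r == HARDEN_NOT_WINDOWS) ? 0 : 1;
}
```

The call only affects DLLs loaded after it runs, so it belongs at the very start of the program, before any delay-loaded or explicitly loaded library is touched.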
