X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=mPTaI+APGfb4FIQO
	x0cF9HdRaUkSEb2ddxtpxdrSwKWAL+NAf2NqYpgW+KwKhskGFOaWG2NLnj1R1M+o
	yhxUwRgqdYx9UnUAr3n0hFE0zHUt85MjM3/+WYDWIv8E/va9Esxhb7HkryslkRsu
	olLIaarfywHgcFKcvzYP0NIbyV8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=uQLUwMQwjgg4GQ5dMfOQVT
	QbCR8=; b=QdWYSFYuf6N2+fxvmkWYR6bVIZSRIA9s7HvlWQ8rmKbETAaTInlycP
	Syar3f/1Jyu63d/M0Ewm0a0DD8HDSL5l1zsaP6gPc7hZJOFWrbmWbHsW1PnoesMI
	UAFtm8JfMnSGwGC0Ig6YCJMF13l4bLhGxNynd4TaQYyQCSZTdu4BY=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.3 required=5.0 tests=AWL,BAYES_05,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=Editor, threat, UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com
X-HELO: mout.perfora.net
Subject: Re: W10 Mandatory ASLR default
To: cygwin@cygwin.com
References: <8297ddf5-5d06-c2b1-526b-16ca311749aa@ferzkopp.net> <CAJ1FpuMivfg+RKg3kDf8rt6n-Ky0Ami_5_HpGjbAMGpHgM57Tg@mail.gmail.com> <e4b6f4cd-1fb2-5d4c-1f94-f8ca73bbfa1f@ferzkopp.net> <20180212164945.GA2361@jbsupah> <ec5eb9a0-b33e-5bc8-090d-db0c571d5846@ferzkopp.net> <dd3a6a82-19bb-eb84-51df-5d1cde39315f@SystematicSw.ab.ca> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>
From: Andreas Schiffler <aschiffler@ferzkopp.net>
Message-ID: <aff8daa3-a958-acd2-66ca-579751981c9a@ferzkopp.net>
Date: Tue, 13 Feb 2018 23:36:52 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-UI-Out-Filterresults: notjunk:1;V01:K0:yrMXNm7Fn6I=:P5rW1zO139UZ3/Am0maxUO 7NuiirIluJ1QJckOHrsg7U2CvXHV6hi5kuW4YLIDPbJcoEqlEpPNXsLVPQoYrhBviXYZ/rd10 0DdXzQbsQC7Cw6lSsOEj3QklJhmiC60ZHPY6X11/3XtCBea5yckmnYE01eEJiXr1EjoKAzkj4 NsxX0Shh17n5iO7tkmZ5m/EhMeSrV8IUAfN/Rvrp2ehFFBKpJGxC/cw8JDiKNyFr2tzCq4sj7 lOM5In7/Fgr+bFWZqQClKsWU3dX/mAB6enwNUAsFuPvJtaEStj3zIwmddTwG2wDv87chc+CvT Iv3tfKVSAF5lr0+xMFBMdxQ+FBOWIKW/6MciWbzAN1+tMbzlcjQw/J8SqAG6wguCgwizY7YH7 ex2rr9m9ihvS1c0vcaxtdKhDgxOl73O0T4dwiEjnOvAg0Gg9ercvlraMc9PNLJidSLlNpLd1H +hmKPsNAqlRCxq48vlleHfYsowJ8/yXfAIigXJcB6lT62Oa+6Py5TeP8Xn0Oi2oCY7QzBFNjD jDDxnMMwSjeJPNQM4QSXCB7DuWfg2oCBSmM3TyK8hqcE+OHvQ+R8BbQW3Mt4WfAXEVC2paKAB AZa9tVihcHfyLA7AQQnmR3lnAYLSYsay+pM4YnqKZjTzZDr7inzu0+z7WN1ri6R+KxEMjH+vw FHiqDDJz9+WL7/fzrzroB1Z9iqjdbhL2hvTsiuPM/nwFG1Cu0VijV8AGeeEVDzR3+KyolfTc9 nrfk22E6NzCeIKxo1SoGvmh3p+EG+ERm6UREHPnBi9AlPxY23wsXkFTj1KE=
X-IsSubscribed: yes
Note-from-DJ: This may be spam

Here is the registry state:

Mandatory ASLR off

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00


Mandatory ASLR on

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00


On 2/13/2018 11:17 PM, Thomas Wolff wrote:
> Am 14.02.2018 um 04:25 schrieb Brian Inglis:
>> On 2018-02-12 21:58, Andreas Schiffler wrote:
>>> Found the workaround (read: not really a solution as it leaves the 
>>> system
>>> vulnerable, but it unblocks cygwin)
>>> - Go to Windows Defender Security Center - Exploit protection settings
>>> - Disable System Settings - Force randomization for images 
>>> (Mandatory ASLR) and
>>> Randomize memory allocations (Bottom-up ASLR) from "On by default" 
>>> to "Off by
>>> default"
>>>
>>> Now setup.exe works and can rebase everything; after that Cygwin 
>>> Terminal starts
>>> as a working shell without problems.
>>>
>>> @cygwin dev's - It seems one of the windows updates (system is on 
>>> 1709 build
>>> 16299.214) might have changed my ASLR settings to "system wide 
>>> mandatory" (i.e.
>>> see
>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ 
>>>
>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. 
>>> see old
>>> thread about this topic here
>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>>> This change might have made it into the system as part of the 
>>> security update
>>> for Meltdown+Spectre (I am speculating), but that could explain why 
>>> my cygwin
>>> installation that worked fine before (i.e. mid-2017) stopped working 
>>> suddenly
>>> (beginning 2018). It would be good to devize a test for the 
>>> setup.exe that
>>> checks the registry (likely
>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
>>> Manager\kernel])
>>> for this state and alerts the user.
>> I'm on W10 Home 1709/16299.192 (slightly older).
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/System settings/Force 
>> randomization for
>> images (Mandatory ASLR) - "Force relocation of images not compiled with
>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
>> (Bottom-up ASLR) - "Randomize locations for virtual memory 
>> allocations." and all
>> other settings are "On by default".
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/Program settings various .exes 
>> have 0-2
>> system overrides of settings.
>>
>> I used the Export settings selection at the bottom to export the 
>> settings, which
>> use the implied System settings defaults, and include the Program 
>> settings
>> system overrides shown in the attached xml file.
>>
>> It may be useful if you could export your default and updated 
>> settings for
>> comparison and information.
>> It would be nice if one of the project volunteers with Windows threat 
>> mitigation
>> knowledge could look at these, to see if there is a better approach.
>>
>> I expect to get updated the next time I restart, as I have been seeing
>> notifications to that effect, and will not be surprised if my system 
>> startup
>> Cygwin shell scripts fail.
> I guess Andreas' suggestion is confirmed by 
> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
> Thomas
>
> -- 
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple