Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <023101c520e2$fd25ae50$c40110ac@robinson.cam.ac.uk>
From: "Max Bowsher" <maxb AT ukf DOT net>
To: <william DOT b DOT parsons AT us DOT westinghouse DOT com>, <cygwin AT cygwin DOT com>
References: <slrnd2h4gk DOT 1h0 DOT wbp AT L1422169 DOT w-intra DOT net>
Subject: Re: CSAgent warning with setup.exe
Date: Fri, 4 Mar 2005 17:52:46 -0000
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
X-Cam-AntiVirus: No virus found
X-Cam-SpamDetails: Not scanned
X-IsSubscribed: yes
Note-from-DJ: This may be spam

Will Parsons wrote:
>I have cygwin 1.5.13 installed on the my WinXP machine at work.  The IT
> department apparently has recently installed Cisco Security Agent and now
> when I run setup.exe I get a warning message that setup.exe "tried to make
> system call from self-modifying code" and that this may mean the program
> has been subverted by a buffer overflow attack.
>
> Is this true and if so is it something I should worry about?

setup.exe does contain some legitimate self-modifying code (in autoload.c if 
anyone is interested).

So, it's fairly likely this is a false alarm.

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/