Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 5 Mar 2005 23:10:24 -0500
From: Jean-Sebastien Trottier <jst1 AT email DOT com>
To: Cygwin Mailing List <cygwin AT cygwin DOT com>
Subject: Re: CSAgent warning with setup.exe
Message-ID: <20050306041024.GC6831@gw.jsoft.lan>
Mail-Followup-To: Cygwin Mailing List <cygwin AT cygwin DOT com>
References: <slrnd2h4gk DOT 1h0 DOT wbp AT L1422169 DOT w-intra DOT net> <023101c520e2$fd25ae50$c40110ac AT robinson DOT cam DOT ac DOT uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OBd5C1Lgu00Gd/Tn"
Content-Disposition: inline
In-Reply-To: <023101c520e2$fd25ae50$c40110ac@robinson.cam.ac.uk>
User-Agent: Mutt/1.5.6+20040907i
X-IsSubscribed: yes

--OBd5C1Lgu00Gd/Tn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 04, 2005 at 05:52:46PM -0000, Max Bowsher wrote:
> Will Parsons wrote:
> >I have cygwin 1.5.13 installed on the my WinXP machine at work.  The IT
> >department apparently has recently installed Cisco Security Agent and now
> >when I run setup.exe I get a warning message that setup.exe "tried to ma=
ke
> >system call from self-modifying code" and that this may mean the program
> >has been subverted by a buffer overflow attack.
> >
> >Is this true and if so is it something I should worry about?
>=20
> setup.exe does contain some legitimate self-modifying code (in autoload.c=
=20
> if anyone is interested).
>=20
> So, it's fairly likely this is a false alarm.
>=20
> Max.

Hmmm... I just tried running http://www.cygwin.com/setup.exe from my
computer at Cisco and the security agent did not report any warnings...

I don't want to be alarming but maybe you should investigate a bit
further...

At what time during the execution/installation did the warning appear?


My machine is running Win2K with all latest updates
Cygwin's setup.exe reports version 2.457.2.2
Cisco Security Agent reports version 4.0-2 build 627

Cheers,
Sebastien

--OBd5C1Lgu00Gd/Tn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCKoKwWHtULG0eY+ERAidsAJ42cxTIAwMEs8cDZmZu2R4S1Y12IQCeJhuJ
glBU/8QnFA6zwa7ApsVxbXI=
=Jdzz
-----END PGP SIGNATURE-----

--OBd5C1Lgu00Gd/Tn--