X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Tue, 28 Feb 2012 10:21:44 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: BLODA detection code in latest snapshot
Message-ID: <20120228092144.GB23052@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20120227122614 DOT GB31025 AT calimero DOT vinschen DOT de> <4F4C41B5 DOT 7040804 AT acm DOT org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4F4C41B5.7040804@acm.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Feb 27 18:53, David Rothenberger wrote:
> On 2/27/2012 4:26 AM, Corinna Vinschen wrote:
> >   Of course this is not foolproof.  The only filtered system DLLs so
> >   far are kernel32.dll, ntdll.dll, mswsock.dll, amd ws2_32.dll.  If you
> >   playing around with this, and if you find that a core system DLL is
> >   reported (like, say, advapi32.dll), then please notify this list, too.
> 
> On one of my Windows XP 32 boxes, it is reporting
> 
> Potential BLODA detected!  Thread function called outside of Cygwin DLL:
>   C:\WINDOWS\system32\advapi32.dll
> 
> when I ssh to another host. The machine DOES have potential BLODA,
> though: Symantec Endpoint Protection. It's never caused me any problems.

Weird!  I can't reproduce this on my XP box so I have to assume
this is a result of SEPs influence.  Hmm.  That's a bit disappointing.
How on earth can SEP call a thread function in advapi32?  I don't
think any of them are documented...

> you didn't say not to report it if there is helpful anti-workright
> software on the machine, so, here's your report. Forgive me if I
> misunderstood.

Oh.  In my last paragraph I wrote:

>> Of course I'd be interested in your experience with this and in any
>> BLODA message you get by setting CYGWIN=detect_bloda.

Sorry if that wasn't clear enough.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple