X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:from:date:message-id:subject:to :content-type; q=dns; s=default; b=Bs0+OckwHi3y4+UGgIEHBOje7w/AN 5duCScXyjRmde89MOhhwWlicG/OH+dHz495ZMRZZZ0Vdl975E0YpKpiawtZGru1w 7Wrt0HQM/9f9JNJ9tDBvUJ5KQN2/hi7qiIUALMJFfXUEyK+h/ZKpm4gfpMrE7HfN id9t/DnmxI6I1A= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:from:date:message-id:subject:to :content-type; s=default; bh=ybKgFLjLLmStbgh7dsBTx+cjyYc=; b=jVY 3jzue42Q0DJFHcTqP2i7LRJa337AgCcpm6l5f0vzjDo9CQYEeRdlnm2JH+UJM71n RH/NkdO/Zg325UrC9oGAbMpTSlF9gGcp8OCDj1vSGol9KByV/pNiwHMiiP1VZr0h fTqeMMFfIouJrfru1qzVcWPESphkjlTmgljQ+4UA= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=images X-HELO: mail-io0-f172.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=FR6V3k5is5/2cpq7fKeUVR50CW5MwLNnSHYpfP3dCzY=; b=svX6dY6ltVvWFAkYH+KfFj2f03hUr2uMrRh4UEjgIS4KSjhmCzuYGJUfgnuA4mAxZH sgbxxiKZAxOCxLyzYSY5wsR2hIytilIFZygR0eewCbxuV1H15y7TY75cCZLu7ty9HkZ/ 3ZgayYKUXS53S1WqdofqJaWWIpg14zJ5kDfG6TcmRBWgbzOENKgec9jIzhjaxlsOLz0i DeqdR8waROTZqJ3B0Uinn759JeYTW3dJGGb/xhZiwR9WQpxa7i+sWk10fwPQRakZTJO4 NBLYFShN+a6p9pRkcUHGSI9l7wnS/rkD0rbR7X+WpQ28pz7GT9mf6AMTDrJ65lOSdfCH WmRw== X-Gm-Message-State: AKwxytcbadReWEZKfbgmtpjVlejzaIezHedM/LybQSZ1SZ9DSRzDLyzM U2A5G8Tt3R6DgEZkz6J0mF8cbeMqUYJrRGqRQfgfg1tx X-Google-Smtp-Source: ACJfBov3WjGQ4urOr/8fHuCWw8dIO6I1bgC6YPd4I6lBTAEaxt88oNSGrgNEFvbww1u8KghRAl8E7hzkvTmVVkRrF4c= X-Received: by 10.107.137.96 with SMTP id l93mr18120779iod.212.1515581262499; Wed, 10 Jan 2018 02:47:42 -0800 (PST) MIME-Version: 1.0 From: Erik Bray Date: Wed, 10 Jan 2018 11:47:41 +0100 Message-ID: Subject: Windows Defender Exploit Guard To: cygwin AT cygwin DOT com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes Hi all, I've seen some reports, and encountered some problems myself, with the new "Windows Defender Exploit Guard" [1] w.r.t. Cygwin. This enables a number of anti-exploit protections, at least some of which might be a problem for Cygwin--in particular "Force randomization for images (Mandatory ASLR)" as the name suggests forces address space randomization even for DLLs, for example, with a fixed image base. Possibly some others are also a problem for Cygwin but I'm not sure. Fortunately, these settings can be customized on a per-executable basis, and this can be done programmatically with powershell: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection Maybe for Cygwin we will want to include something like a companion script to rebase that applies the necessary exploit protection exceptions for Cygwin binaries... :( Best, Erik [1] https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple