X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:subject:to:references:from:message-id :date:mime-version:in-reply-to:content-type; q=dns; s=default; b= er3rDfLr4ZBpgEkwcGaYleA7emWuZhmeyB7viRBoIPv7co0cLLHttwP8FqD8q9nw dSKy4lqdDZ6AyH+imtOU6LiZHUgZPl+MGV7WY2cOxIqHj9irU+u0T/hYV/EuyPPm 5hLJbC5w97+b9coUlWqfyz5y188IZ5aQXvNd3Ig2W4w= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:subject:to:references:from:message-id :date:mime-version:in-reply-to:content-type; s=default; bh=bEyfc aXe0yrnvPVzOrfynCbbeWs=; b=jLhFZ12PN7PPaqhKPpNgh+t7PU8gSBu5Bmn+7 SFb0rPyhBljq0hPw8mNh6j9O0FVNmAfcY3A/BMbDxlm2cZqclmNW6C0Z147XQ700 aPfYnAR63m/DUQoFMotM5tG4fhI0DianatCmI02ROuoIVgUTu7C5+VidxsmT8aBm gEr+a0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=sk:systems, threat, UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com X-HELO: smtp-out-so.shaw.ca X-Authority-Analysis: v=2.3 cv=D6Jp1MZj c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=r77TgQKjGQsHNAKrUKIA:9 a=yMhMjlubAAAA:8 a=w_pzkKWiAAAA:8 a=DebnMqUAnOt0llDUNdoA:9 a=7Zwj6sZBwVKJAoWSPKxL6X1jA+E=:19 a=pILNOxqGKmIA:10 a=uxdnVy1cKkYA:10 a=nFIw9-zvy9kA:10 a=FFmbRamVujO-ixZxrPMA:9 a=zJJgJrR4LD4A:10 a=jvwAycmo3Y0A:10 a=sRI3_1zDfAgwuvI8zelB:22 Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca Subject: Re: W10 Mandatory ASLR default (was: cygwin stopped working) To: cygwin AT cygwin DOT com References: <8297ddf5-5d06-c2b1-526b-16ca311749aa AT ferzkopp DOT net> <20180212164945 DOT GA2361 AT jbsupah> From: Brian Inglis Message-ID: Date: Tue, 13 Feb 2018 20:25:39 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/mixed; boundary="------------85D95F6EAC2BF17F8DFBA3D8" X-CMAE-Envelope: MS4wfJwIyrjklXnVssFfDHhxcK9KxqBcRLFpVZeIwa9SBHineW5DANrLZzVgLyftZUf3jwpR2qYtqDgRVzeg31W4y6RAfJC1a1CHZlcmEriwS0J6/BFIrlU0 IxXtvhW8Q4oiiNlNdSUY2VGeKx51KzB7NVKj6MFGjqVbDT+YEtKl0vdQmjfQVuIEOToMdzkAhuQ7hA== X-IsSubscribed: yes --------------85D95F6EAC2BF17F8DFBA3D8 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 2018-02-12 21:58, Andreas Schiffler wrote: > Found the workaround (read: not really a solution as it leaves the system > vulnerable, but it unblocks cygwin) > - Go to Windows Defender Security Center - Exploit protection settings > - Disable System Settings - Force randomization for images (Mandatory ASLR) and > Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by > default" > > Now setup.exe works and can rebase everything; after that Cygwin Terminal starts > as a working shell without problems. > > @cygwin dev's - It seems one of the windows updates (system is on 1709 build > 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e. > see > https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ > for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old > thread about this topic here > https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html). > This change might have made it into the system as part of the security update > for Meltdown+Spectre (I am speculating), but that could explain why my cygwin > installation that worked fine before (i.e. mid-2017) stopped working suddenly > (beginning 2018). It would be good to devize a test for the setup.exe that > checks the registry (likely > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]) > for this state and alerts the user. I'm on W10 Home 1709/16299.192 (slightly older). Under Windows Defender Security Center/App & browser control/Exploit protection/Exploit protection settings/System settings/Force randomization for images (Mandatory ASLR) - "Force relocation of images not compiled with /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all other settings are "On by default". Under Windows Defender Security Center/App & browser control/Exploit protection/Exploit protection settings/Program settings various .exes have 0-2 system overrides of settings. I used the Export settings selection at the bottom to export the settings, which use the implied System settings defaults, and include the Program settings system overrides shown in the attached xml file. It may be useful if you could export your default and updated settings for comparison and information. It would be nice if one of the project volunteers with Windows threat mitigation knowledge could look at these, to see if there is a better approach. I expect to get updated the next time I restart, as I have been seeing notifications to that effect, and will not be surprised if my system startup Cygwin shell scripts fail. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada --------------85D95F6EAC2BF17F8DFBA3D8 Content-Type: text/xml; name="ExploitProtectionProgramSettingsSystemOverrides.xml" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="ExploitProtectionProgramSettingsSystemOverrides.xml" --------------85D95F6EAC2BF17F8DFBA3D8 Content-Type: text/plain; charset=us-ascii -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple --------------85D95F6EAC2BF17F8DFBA3D8--