DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=quPh3fehqVyduUn6
	ohY0C3SpIearLhYRQz92zQ1o0o6rbaVxwnVyVY/PH/+JMiON00AnapIVZwpGX5fv
	/EXKmIQTMc/b8Je+8/gijSf63PyrGLH9Ipq04SEfBhneklze5nMhKcqrv6nSY1ip
	xoAfFPzjGSLt9IQvJ89g5G03pAY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Subject: Re: why is mintty trying to connect to google through my browser
To: cygwin AT cygwin DOT com
References: <68829061-b2ec-9b42-9f07-db00977de9a7 AT molconn DOT com>
From: Thomas Wolff <towo AT towo DOT net>
Message-ID: <8ec45a75-3ca7-f28c-0403-95dff5667855@towo.net>
Date: Fri, 11 Oct 2019 21:11:15 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit


Am 11.10.2019 um 20:33 schrieb LMH:
> Hello,
>
> I had an odd thing happen today. I opened a cygwin terminal to do something and got a
> firewall alert that mintty was attempting to inject network traffic. I did a
> temporary deny because there is no reason for mintty to make a connection based on
> what I was doing and I have never seen that alert before (or I would have a firewall
> rule already). That alert doesn't say where the connection would be made to if the
> injection was allowed.
>
> This temporary block seemed to break my seamonkey connection. My firewall log is full
> of entries about blocked connections for seamonkey and the reason given is
> "restricted parent process c:\cygwin\bin\mintty". I did not launch seamonkey using
> mintty, so I have no idea why the firewall would see mintty as the parent process.
> All of the seamonkey attempted connections to my email server were also blocked for
> the same reason. When I closed the terminal, everything  went back to normal.
>
> It seems like mintty tried to inject some network traffic to the seamonkey process
> and for some reason, blocking this injection caused the firewall to block all traffic
> from seamonkey.
>
> Why would mintty try to inject network traffic to another process at startup? If it
> needed ot connect for some reason, why would mintty try to make that connection
> through another application instead of just making the connection itself?
It does neither of that. Mintty only ever accesses the network if you 
open the Options dialog.
It occasionally looks up the current mintty version for an indication 
that you could update (disable with CheckVersionUpdate=0), and it 
downloads contents if you drag a URL onto the Theme configuration field 
(also planned for the Bell Wave file) or click on the "Color Scheme 
Designer" button.
> I deleted any firewall rules for mintty and started the terminal again, but that does
> not reproduce the situation at the moment.
This, and the fact that your system claimed mintty to be the parent of 
Seamonkey, suggests that something is or was utterly broken on your system.

Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple