From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 130998 invoked by alias); 16 Feb 2018 06:41:46 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 130966 invoked by uid 89); 16 Feb 2018 06:41:45 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Editor, threat, UD:blogs.technet.microsoft.com, blogs.technet.microsoft.com X-HELO: smtp-out-so.shaw.ca Received: from smtp-out-so.shaw.ca (HELO smtp-out-so.shaw.ca) (64.59.136.137) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 16 Feb 2018 06:41:43 +0000 Received: from [192.168.1.100] ([24.64.240.204]) by shaw.ca with ESMTP id mZiHedOMBrQkomZiIeVlvS; Thu, 15 Feb 2018 23:41:42 -0700 X-Authority-Analysis: v=2.3 cv=RPud4bq+ c=1 sm=1 tr=0 a=MVEHjbUiAHxQW0jfcDq5EA==:117 a=MVEHjbUiAHxQW0jfcDq5EA==:17 a=N659UExz7-8A:10 a=yMhMjlubAAAA:8 a=w_pzkKWiAAAA:8 a=NEAV23lmAAAA:8 a=G2M2N0FtD0lCLSTZRxQA:9 a=pILNOxqGKmIA:10 a=uxdnVy1cKkYA:10 a=nFIw9-zvy9kA:10 a=sRI3_1zDfAgwuvI8zelB:22 Reply-To: Brian.Inglis@SystematicSw.ab.ca Subject: Re: W10 Mandatory ASLR default To: cygwin@cygwin.com References: <8297ddf5-5d06-c2b1-526b-16ca311749aa@ferzkopp.net> <20180212164945.GA2361@jbsupah> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net> From: Brian Inglis Message-ID: <327030c8-7dfa-8e57-eb70-45e890f8aac2@SystematicSw.ab.ca> Date: Fri, 16 Feb 2018 06:41:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfCEwwaBD1KMyYfWTUhTn4zFoPlBjwRKtIyUULB2PEcdrkHq51zWovos4AakYWW2UkQGC7qbmYcpXwDPHsiiWkRVYdyqeA5uV1w4Goef9XBfaYpyOUbZW NM7rfsezxlP5QcnKqWc165FbMHzQxFarNz+AGf3tWAO1THgYJ7r/yftu/WlKv9Ue4udcCj5ljhqWPw== X-IsSubscribed: yes X-SW-Source: 2018-02/txt/msg00180.txt.bz2 On 2018-02-14 00:36, Andreas Schiffler wrote: > On 2/13/2018 11:17 PM, Thomas Wolff wrote: >> Am 14.02.2018 um 04:25 schrieb Brian Inglis: >>> On 2018-02-12 21:58, Andreas Schiffler wrote: >>>> Found the workaround (read: not really a solution as it leaves the system >>>> vulnerable, but it unblocks cygwin) >>>> - Go to Windows Defender Security Center - Exploit protection settings >>>> - Disable System Settings - Force randomization for images (Mandatory ASLR) and >>>> Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by >>>> default" >>>> >>>> Now setup.exe works and can rebase everything; after that Cygwin Terminal >>>> starts as a working shell without problems. >>>> @cygwin dev's - It seems one of the windows updates (system is on 1709 build >>>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e. >>>> see >>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ >>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old >>>> thread about this topic here >>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html). >>>> It would be good to devize a test for the setup.exe that >>>> checks the registry (likely >>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]) >>>> for this state and alerts the user. >>> I'm on W10 Home 1709/16299.192 (slightly older). >>> Under Windows Defender Security Center/App & browser control/Exploit >>> protection/Exploit protection settings/System settings/Force randomization for >>> images (Mandatory ASLR) - "Force relocation of images not compiled with >>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations >>> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all >>> other settings are "On by default". >>> Under Windows Defender Security Center/App & browser control/Exploit >>> protection/Exploit protection settings/Program settings various .exes have 0-2 >>> system overrides of settings. >>> It would be nice if one of the project volunteers with Windows threat mitigation >>> knowledge could look at these, to see if there is a better approach. >> I guess Andreas' suggestion is confirmed by >> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467 > Here is the registry state: > Mandatory ASLR off > Windows Registry Editor Version 5.00 > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] > "MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00 > Mandatory ASLR on > Windows Registry Editor Version 5.00 > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] > "MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00 Could setup be updated to reset Mandatory ASLR if the reg keys exist, or an /etc/postinstall/[0z]p_disable_mandatory_aslr.sh script do a check and reset? -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple