From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23993 invoked by alias); 28 Feb 2012 02:53:58 -0000 Received: (qmail 23983 invoked by uid 22791); 28 Feb 2012 02:53:57 -0000 X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE X-Spam-Check-By: sourceware.org Received: from qmta10.emeryville.ca.mail.comcast.net (HELO qmta10.emeryville.ca.mail.comcast.net) (76.96.30.17) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 28 Feb 2012 02:53:43 +0000 Received: from omta23.emeryville.ca.mail.comcast.net ([76.96.30.90]) by qmta10.emeryville.ca.mail.comcast.net with comcast id fEYB1i0081wfjNsAAEtjC7; Tue, 28 Feb 2012 02:53:43 +0000 Received: from mail.daveroth.dyndns.org ([67.171.9.42]) by omta23.emeryville.ca.mail.comcast.net with comcast id fEti1i00K0uRACK8jEtjCw; Tue, 28 Feb 2012 02:53:43 +0000 Received: from [10.249.1.104] (tela64.daveroth.dyndns.org [10.249.1.104]) (authenticated bits=0) by mail.daveroth.dyndns.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id q1S2reel023129 for ; Mon, 27 Feb 2012 18:53:40 -0800 Message-ID: <4F4C41B5.7040804@acm.org> Date: Tue, 28 Feb 2012 08:16:00 -0000 From: David Rothenberger User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: BLODA detection code in latest snapshot References: <20120227122614.GB31025@calimero.vinschen.de> In-Reply-To: <20120227122614.GB31025@calimero.vinschen.de> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin@cygwin.com Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2012-02/txt/msg00822.txt.bz2 On 2/27/2012 4:26 AM, Corinna Vinschen wrote: > Of course this is not foolproof. The only filtered system DLLs so > far are kernel32.dll, ntdll.dll, mswsock.dll, amd ws2_32.dll. If you > playing around with this, and if you find that a core system DLL is > reported (like, say, advapi32.dll), then please notify this list, too. On one of my Windows XP 32 boxes, it is reporting Potential BLODA detected! Thread function called outside of Cygwin DLL: C:\WINDOWS\system32\advapi32.dll when I ssh to another host. The machine DOES have potential BLODA, though: Symantec Endpoint Protection. It's never caused me any problems. You did say above to report to the list if advapi32.dll is reported, and you didn't say not to report it if there is helpful anti-workright software on the machine, so, here's your report. Forgive me if I misunderstood. -- David Rothenberger ---- daveroth@acm.org Small things make base men proud. -- William Shakespeare, "Henry VI" -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple