From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: W10 Mandatory ASLR default
To: cygwin@cygwin.com
References: <8297ddf5-5d06-c2b1-526b-16ca311749aa@ferzkopp.net> <20180212164945.GA2361@jbsupah>
From: Thomas Wolff
Message-ID: <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>
Date: Wed, 14 Feb 2018 07:17:00 -0000

On 14.02.2018 at 04:25, Brian Inglis wrote:
> On 2018-02-12 21:58, Andreas Schiffler wrote:
>> Found the workaround (read: not really a solution as it leaves the system
>> vulnerable, but it unblocks cygwin)
>> - Go to Windows Defender Security Center - Exploit protection settings
>> - Disable System Settings - Force randomization for images (Mandatory ASLR) and
>> Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by
>> default"
>>
>> Now setup.exe works and can rebase everything; after that Cygwin Terminal starts
>> as a working shell without problems.
>>
>> @cygwin devs - It seems one of the windows updates (system is on 1709 build
>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e.
>> see
>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>> thread about this topic here
>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>> This change might have made it into the system as part of the security update
>> for Meltdown+Spectre (I am speculating), but that could explain why my cygwin
>> installation that worked fine before (i.e. mid-2017) stopped working suddenly
>> (beginning 2018).
>> It would be good to devise a test for the setup.exe that
>> checks the registry (likely
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>> for this state and alerts the user.
> I'm on W10 Home 1709/16299.192 (slightly older).
>
> Under Windows Defender Security Center/App & browser control/Exploit
> protection/Exploit protection settings/System settings/Force randomization for
> images (Mandatory ASLR) - "Force relocation of images not compiled with
> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all
> other settings are "On by default".
>
> Under Windows Defender Security Center/App & browser control/Exploit
> protection/Exploit protection settings/Program settings various .exes have 0-2
> system overrides of settings.
>
> I used the Export settings selection at the bottom to export the settings, which
> use the implied System settings defaults, and include the Program settings
> system overrides shown in the attached xml file.
>
> It may be useful if you could export your default and updated settings for
> comparison and information.
> It would be nice if one of the project volunteers with Windows threat mitigation
> knowledge could look at these, to see if there is a better approach.
>
> I expect to get updated the next time I restart, as I have been seeing
> notifications to that effect, and will not be surprised if my system startup
> Cygwin shell scripts fail.

I guess Andreas' suggestion is confirmed by
https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
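
The registry check Andreas suggests for setup.exe, sketched as an added example (not part of this message and not Cygwin's code). Assumptions: the value under that key is named MitigationOptions, and it uses the same 2-bit field layout as the PROCESS_CREATION_MITIGATION_POLICY_* flags in winbase.h; the sample bytes are constructed.

```python
import sys

KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\kernel"  # key named in the thread
VALUE = "MitigationOptions"  # assumption: the thread does not give the value name

# Assumption: 2-bit fields at the PROCESS_CREATION_MITIGATION_POLICY_* positions.
FIELDS = {"ForceRelocateImages": 8, "BottomUp": 16, "HighEntropy": 20}
# 3 means ALWAYS_ON_REQ_RELOCS for ForceRelocateImages and is reserved elsewhere.
STATES = {0: "not set", 1: "on", 2: "off", 3: "on (strict)"}

# Constructed sample: REG_BINARY with Mandatory and Bottom-up ASLR forced on.
SAMPLE_FORCED = bytes([0x00, 0x01, 0x01, 0x00] + [0x00] * 12)


def decode_aslr(raw):
    """Map a MitigationOptions value (bytes, int or None) to ASLR states."""
    if raw is None:
        raw = 0
    if isinstance(raw, (bytes, bytearray)):
        raw = int.from_bytes(raw, "little")
    return {name: STATES[(raw >> shift) & 0x3] for name, shift in FIELDS.items()}


def forced_on(raw):
    """Settings the thread's workaround switches off that are forced on here."""
    aslr = decode_aslr(raw)
    return [n for n in ("ForceRelocateImages", "BottomUp") if aslr[n].startswith("on")]


def read_mitigation_options():
    """Read the system-wide value on Windows; None when it is absent."""
    import winreg  # standard library, Windows only
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
            return winreg.QueryValueEx(key, VALUE)[0]
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    raw = read_mitigation_options() if sys.platform == "win32" else SAMPLE_FORCED
    for name, state in decode_aslr(raw).items():
        print(f"{name}: {state}")
    if forced_on(raw):
        print("warning: system-wide ASLR overrides set:", ", ".join(forced_on(raw)))
```

An installer-side check would only warn on this result; per-program overrides from the exported XML are not covered here.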