public inbox for cygwin@cygwin.com
* Does the Cygwin setup program do internal sanity checks on startup?
@ 2022-08-24 20:46 Brian Cowan
  2022-08-25 16:52 ` Adam Dinwoodie
  0 siblings, 1 reply; 7+ messages in thread
From: Brian Cowan @ 2022-08-24 20:46 UTC (permalink / raw)
  To: cygwin

Why would I ask that question? Because I have a host running a hodgepodge of company-mandated security software, and -- only on that host -- the Cygwin setup tool crashes...

Oddities:
1. The crash generates 3 dump files when I use procdump, which is odd since I "normally" only get 2 identical dumps from procdump.
2. A Websense ForcePoint DLP DLL is loaded in the process space, apparently through DLL injection.
3. There seem to be 3 threads started, only one of which is the setup program's "main" function. I had to get that out of a Process Monitor log since the dump files are largely content free.
4. The crash is unique to the setup program. Nothing else appears to fail.

The crash is an "illegal instruction" dump, which of course doesn't make a lot of sense... This could be one of the other security packages/policies on this host being "helpful."

I need ammunition to take to my internal Mordak's so I can update Cygwin... Sure I can use WSL, but not for everything.

Brian Cowan
HCL Software
Technical Specialist, ClearCase SWAT
brian.cowan@hcl.com


::DISCLAIMER::
________________________________
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects.
________________________________

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-24 20:46 Does the Cygwin setup program do internal sanity checks on startup? Brian Cowan
@ 2022-08-25 16:52 ` Adam Dinwoodie
  2022-08-25 17:11   ` Jon Turney
  0 siblings, 1 reply; 7+ messages in thread
From: Adam Dinwoodie @ 2022-08-25 16:52 UTC (permalink / raw)
  To: cygwin

On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote:
> Why would I ask that question? Because I have a host running a
> hodgepodge of company-mandated security software, and -- only on that
> host -- the Cygwin setup tool crashes...
> 
> Oddities:
> 1. The crash generates 3 dump files when I use procdump, which is odd
> since I "normally" only get 2 identical dumps from procdump.
> 2. A Websense ForcePoint DLP DLL is loaded in the process space,
> apparently through DLL injection.
> 3. There seem to be 3 threads started, only one of which is the setup
> program's "main" function. I had to get that out of a Process Monitor
> log since the dump files are largely content free.
> 4. The crash is unique to the setup program. Nothing else appears to
> fail.
> 
> The crash is an "illegal instruction" dump, which of course doesn't
> make a lot of sense... This could be one of the other security
> packages/policies on this host being "helpful."
> 
> I need ammunition to take to my internal Mordak's so I can update
> Cygwin... Sure I can use WSL, but not for everything.

This sounds like classic "BLODA": applications that interfere with how
Cygwin provides *nix compatibility.  There's more info in the FAQs at
https://cygwin.com/faq/faq.html#faq.using.bloda, but in short it seems
very likely that this problem is caused by some security software
running on this system.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-25 16:52 ` Adam Dinwoodie
@ 2022-08-25 17:11   ` Jon Turney
  2022-08-25 18:14     ` Brian Cowan
  0 siblings, 1 reply; 7+ messages in thread
From: Jon Turney @ 2022-08-25 17:11 UTC (permalink / raw)
  To: cygwin, Brian Cowan

On 25/08/2022 17:52, Adam Dinwoodie wrote:
> On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote:
>> Does the Cygwin setup program do internal sanity checks on startup?

Not as such.  And if it did, the behaviour when they fail should be to 
say those checks have failed, rather than crash apparently randomly...

>> Why would I ask that question? Because I have a host running a
>> hodgepodge of company-mandated security software, and -- only on that
>> host -- the Cygwin setup tool crashes...
>>
>> Oddities:
>> 1. The crash generates 3 dump files when I use procdump, which is odd
>> since I "normally" only get 2 identical dumps from procdump.
>> 2. A Websense ForcePoint DLP DLL is loaded in the process space,
>> apparently through DLL injection.
>> 3. There seem to be 3 threads started, only one of which is the setup
>> program's "main" function. I had to get that out of a Process Monitor
>> log since the dump files are largely content free.
>> 4. The crash is unique to the setup program. Nothing else appears to
>> fail.
>>
>> The crash is an "illegal instruction" dump, which of course doesn't
>> make a lot of sense... This could be one of the other security
>> packages/policies on this host being "helpful."
>>
>> I need ammunition to take to my internal Mordak's so I can update
>> Cygwin... Sure I can use WSL, but not for everything.
> 
> This sounds like classic "BLODA": applications that interfere with how
> Cygwin provides *nix compatibility.  There's more info in the FAQs at
> https://cygwin.com/faq/faq.html#faq.using.bloda, but in short it seems
> very likely that this problem is caused by some security software
> running on this system.

This does indeed sound like interference by some other software.

But the setup program is not a Cygwin executable (it's not linked with 
the cygwin DLL because (i) it's not present before setup has installed 
it, and (ii) updating that DLL from setup while setup is using it is 
problematic...)

Note that the Cygwin setup executable as distributed is packed with UPX, 
which could very well interfere with the expectations of a poorly 
written injected DLL.

(You can reverse that compression by running 'upx -d' on the setup 
executable)

^ permalink raw reply	[flat|nested] 7+ messages in thread
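
Added example (not part of the thread, and not Cygwin or UPX project code): a small Python check for whether a copy of the setup executable is still UPX-packed, for instance before and after running 'upx -d'. It reads only the PE section table; the section-name match and the "writable+executable with no data on disk" test are heuristics, and the two sample images are constructed header-only stand-ins, not real executables.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION = "<8sIIIIIIHHI"   # one 40-byte section header
COFF = "<HHIIIHH"          # 20-byte COFF file header

def pe_sections(data):
    """Return (name, virtual_size, raw_size, characteristics) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = struct.unpack_from(COFF, data, pe_off + 4)
    table = pe_off + 24 + coff[5]       # section table follows optional header
    out = []
    for i in range(coff[1]):            # coff[1] is NumberOfSections
        f = struct.unpack_from(SECTION, data, table + 40 * i)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        out.append((name, f[1], f[3], f[9]))
    return out

def upx_indicators(data):
    """List the reasons this image looks UPX-packed (empty list: none found)."""
    reasons = []
    for name, vsize, rawsize, chars in pe_sections(data):
        if name.startswith("UPX"):
            reasons.append(f"section named {name}")
        wx = (chars & IMAGE_SCN_MEM_EXECUTE) and (chars & IMAGE_SCN_MEM_WRITE)
        if wx and rawsize == 0 and vsize > 0:
            reasons.append(f"{name}: writable+executable, no data on disk")
    return reasons

def build_sample(sections):
    """Constructed, header-only PE image for the demo (hypothetical helper)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack(COFF, 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    rows = [struct.pack(SECTION, n, vs, 0x1000 * (i + 1), rs, 0x200, 0, 0, 0, 0, ch)
            for i, (n, vs, rs, ch) in enumerate(sections)]
    return dos + b"PE\0\0" + coff + b"".join(rows)

# Constructed samples: a UPX-style layout and a plain layout.
PACKED = build_sample([(b"UPX0", 0x90000, 0, 0xE0000080),
                       (b"UPX1", 0x40000, 0x3FE00, 0xE0000040),
                       (b".rsrc", 0x1000, 0x1000, 0xC0000040)])
UNPACKED = build_sample([(b".text", 0x1000, 0x1000, 0x60000020),
                         (b".data", 0x800, 0x800, 0xC0000040)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, upx_indicators(fh.read()) or "no UPX indicators")
```

Run it with the path to a setup executable as the argument; an empty result after 'upx -d' indicates the section table no longer has the packed layout.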

* RE: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-25 17:11   ` Jon Turney
@ 2022-08-25 18:14     ` Brian Cowan
  2022-08-28 15:46       ` Jon Turney
  0 siblings, 1 reply; 7+ messages in thread
From: Brian Cowan @ 2022-08-25 18:14 UTC (permalink / raw)
  To: Jon Turney, cygwin

And this was exactly it. I downloaded the latest UPX version, and it crashed on startup. I downloaded the Linux version on another host, copied the setup program to that host and extracted it there. NOW I can update Cygwin...

Brian Cowan
HCL Software
Technical Specialist, ClearCase SWAT
brian.cowan@hcl.com



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-25 18:14     ` Brian Cowan
@ 2022-08-28 15:46       ` Jon Turney
  2022-08-31 12:14         ` Brian Cowan
  0 siblings, 1 reply; 7+ messages in thread
From: Jon Turney @ 2022-08-28 15:46 UTC (permalink / raw)
  To: The Cygwin Mailing List

On 25/08/2022 19:14, Brian Cowan via Cygwin wrote:
> And this was exactly it. I downloaded the latest UPX version, and it
> crashed on startup. I downloaded the Linux version on another host,
> copied the setup program to that host and extracted it there. NOW I
> can update Cygwin...

I wonder if UPX compression of setup makes as much sense now as it did 
20+ years ago.

Not only does it (occasionally) generate problems like this, but
also with malware detection heuristics.

OTOH, not using it would make setup ~4x larger.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-28 15:46       ` Jon Turney
@ 2022-08-31 12:14         ` Brian Cowan
  2022-09-03 13:02           ` Andrey Repin
  0 siblings, 1 reply; 7+ messages in thread
From: Brian Cowan @ 2022-08-31 12:14 UTC (permalink / raw)
  To: Jon Turney, The Cygwin Mailing List

Well, is it possible to use 7zip? It seems like you can do something like it in: https://superuser.com/questions/42788/is-it-possible-to-execute-a-file-after-extraction-from-a-7-zip-self-extracting-a

Not that I think this would help with heuristics, and some AV tools REALLY don't like executing things from users' temp directories. (Which .Net applications seem to like to do sometimes.)

Maybe have compressed and uncompressed installers?

Brian Cowan
HCL Software
Technical Specialist, ClearCase SWAT
brian.cowan@hcl.com



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Does the Cygwin setup program do internal sanity checks on startup?
  2022-08-31 12:14         ` Brian Cowan
@ 2022-09-03 13:02           ` Andrey Repin
  0 siblings, 0 replies; 7+ messages in thread
From: Andrey Repin @ 2022-09-03 13:02 UTC (permalink / raw)
  To: Brian Cowan, cygwin

Greetings, Brian Cowan!

Please bottom post in this list. And trim unnecessary quoting.

> Well, is it possible to use 7zip? It seems like you can do something like
> it in:
> https://superuser.com/questions/42788/is-it-possible-to-execute-a-file-after-extraction-from-a-7-zip-self-extracting-a

> Not that I think this would help with heuristics, and some AV tools REALLY
> don't like executing things from users' temp directories. (Which .Net
> applications seem to like to do sometimes.)

> Maybe have compressed and uncompressed installers?

This is such a rare occurrence that we could simply post instructions on how
to unpack the installer for those for whom it is a problem.


-- 
With best regards,
Andrey Repin
Saturday, September 3, 2022 16:00:09

Sorry for my terrible english...


^ permalink raw reply	[flat|nested] 7+ messages in thread
