RE: Does the Cygwin setup program do internal sanity checks on startup?

[Brian Cowan <brian.cowan@hcl.com>]

And this was exactly it. I downloaded the latest UPX version, and it crashed on startup. I downloaded the Linux version on another host, copied the setup program to that host and extracted it there. NOW I can update Cygwin...

Brian Cowan
HCL Software
Technical Specialist, ClearCase SWAT
brian.cowan@hcl.com


-----Original Message-----
From: Jon Turney <jon.turney@dronecode.org.uk>
Sent: Thursday, August 25, 2022 1:12 PM
To: cygwin@cygwin.com; Brian Cowan <brian.cowan@hcl.com>
Subject: Re: Does the Cygwin setup program do internal sanity checks on startup?

[CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don't click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.]

On 25/08/2022 17:52, Adam Dinwoodie wrote:
> On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote:
 >>Does the Cygwin setup program do internal sanity checks on startup?

Not as such.  And if it did, the behaviour when the fails should be to say those checks have failed, rather than crash apparently randomly...

>> Why would I ask that question? Because I have a host running a
>> hodgepodge of company-mandated security software, and -- only on that
>> host -- the Cygwin setup tool crashes...
>>
>> Oddities:
>> 1. The crash generates 3 dump files when I use procdump, which is odd
>> since I "normally" only get 2 identical dumps from procdump.
>> 2. A Websense ForcePoint DLP DLL is loaded in the process space,
>> apparently through DLL injection.
>> 3. There seem to be 3 threads started, only one of which is the setup
>> program's "main" function. I had to get that out of a Process Monitor
>> log since the dump files are largely content free.
>> 4. The crash is unique to the setup program. Nothing else appears to
>> fail.
>>
>> The crash is an "illegal instruction" dump, which of course doesn't
>> make a lot of sense... This could be one of the other security
>> packages/policies on this host being "helpful."
>>
>> I need ammunition to take to my internal Mordak's so I can update
>> Cygwin... Sure I can use WSL, but not for everything.
>
> This sounds like classic "BLODA": applications that interfere with how
> Cygwin provides *nix compatibility.  There's more info in the FAQs at
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcygw
> in.com%2Ffaq%2Ffaq.html%23faq.using.bloda&amp;data=05%7C01%7Cbrian.cow
> an%40hcl.com%7C0bc9158dc671450d207e08da86bcde4c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637970442994701514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=k%2FghFN8u0Yp5xDsUp8fJ61uceTUpwLEKdF8SRMCFGOk%3D&amp;reserved=0, but in short it seems very likely that this problem is caused by some security software running on this system.

This does indeed sound like interference by some other software.

But the setup program is not a Cygwin executable (it's not linked with the cygwin DLL because (i) it's not present before setup has installed it, and (ii) updating that DLL from setup while setup is using is problematic...

Note that the Cygwin setup executable as distributed is packed with UPX, which could very well interfere with the expectations of a poorly written injected DLL.

(You can reverse that compression by running 'upx -d' on the setup
executable)
::DISCLAIMER::
________________________________
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects.
________________________________