Subject: Re: W10 Mandatory ASLR default
From: Andreas Schiffler
To: cygwin@cygwin.com
Date: Wed, 14 Feb 2018 07:36:00 -0000
In-Reply-To: <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>
References: <8297ddf5-5d06-c2b1-526b-16ca311749aa@ferzkopp.net> <20180212164945.GA2361@jbsupah> <890bb1f3-65b3-b9d8-fdaa-bb148cce4163@towo.net>

Here is the registry state:

Mandatory ASLR off

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00

Mandatory ASLR on

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00

On 2/13/2018 11:17 PM, Thomas Wolff wrote:
> On 14.02.2018 at 04:25, Brian Inglis wrote:
>> On 2018-02-12 21:58, Andreas Schiffler wrote:
>>> Found the workaround (read: not really a solution as it leaves the system
>>> vulnerable, but it unblocks cygwin)
>>> - Go to Windows Defender Security Center - Exploit protection settings
>>> - Disable System Settings - Force randomization for images (Mandatory ASLR)
>>> and Randomize memory allocations (Bottom-up ASLR) from "On by default" to
>>> "Off by default"
>>>
>>> Now setup.exe works and can rebase everything; after that Cygwin Terminal
>>> starts as a working shell without problems.
>>>
>>> @cygwin dev's - It seems one of the windows updates (system is on 1709 build
>>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e.
>>> see
>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>>> thread about this topic here
>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>>> This change might have made it into the system as part of the security update
>>> for Meltdown+Spectre (I am speculating), but that could explain why my cygwin
>>> installation that worked fine before (i.e. mid-2017) stopped working suddenly
>>> (beginning 2018). It would be good to devise a test for the setup.exe that
>>> checks the registry (likely
>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>>> for this state and alerts the user.
>> I'm on W10 Home 1709/16299.192 (slightly older).
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/System settings/Force randomization
>> for images (Mandatory ASLR) - "Force relocation of images not compiled with
>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
>> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and
>> all other settings are "On by default".
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/Program settings various .exes have
>> 0-2 system overrides of settings.
>>
>> I used the Export settings selection at the bottom to export the settings,
>> which use the implied System settings defaults, and include the Program
>> settings system overrides shown in the attached xml file.
>>
>> It may be useful if you could export your default and updated settings for
>> comparison and information.
>> It would be nice if one of the project volunteers with Windows threat
>> mitigation knowledge could look at these, to see if there is a better approach.
>>
>> I expect to get updated the next time I restart, as I have been seeing
>> notifications to that effect, and will not be surprised if my system startup
>> Cygwin shell scripts fail.
> I guess Andreas' suggestion is confirmed by
> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
> Thomas
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
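
The check proposed in the thread (look at MitigationOptions and alert the user), as an added example that is not part of the original message or of Cygwin's setup code. It parses exported .reg text rather than the live registry; the function names are hypothetical, and the bit offsets are assumed to follow the PROCESS_CREATION_MITIGATION_POLICY_* constants in winnt.h, which is consistent with the two exports quoted in the message.

```python
import re

# Bit offsets of the two-bit ASLR fields in the low 64 bits of MitigationOptions.
# Assumption: the registry value uses the PROCESS_CREATION_MITIGATION_POLICY_*
# layout from winnt.h; both exports quoted in the message decode consistently.
FIELDS = {"force_relocate_images": 8, "bottom_up_aslr": 16, "high_entropy_aslr": 20}
DEFER, ALWAYS_ON, ALWAYS_OFF, ON_REQ_RELOCS = 0, 1, 2, 3

KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]"
# The two exports from the message, rebuilt as .reg text.
REG_OFF = "Windows Registry Editor Version 5.00\n\n" + KEY + \
    '\n"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00\n'
REG_ON = "Windows Registry Editor Version 5.00\n\n" + KEY + \
    '\n"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00\n'


def parse_reg_binary(reg_text, name="MitigationOptions"):
    """Return the REG_BINARY bytes of `name` from exported .reg text."""
    # Hex pairs, commas, and backslash-newline continuations as regedit writes them.
    pattern = r'"%s"=hex:((?:[0-9a-fA-F]{2}|,|\\\s*\n\s*)+)' % re.escape(name)
    match = re.search(pattern, reg_text)
    if match is None:
        raise ValueError("%s not present in export" % name)
    pairs = re.findall(r"[0-9a-fA-F]{2}", match.group(1))
    return bytes(int(pair, 16) for pair in pairs)


def decode_aslr(raw):
    """Map each ASLR field name to its two-bit policy value."""
    low = int.from_bytes(raw[:8], "little")
    return {name: (low >> shift) & 0x3 for name, shift in FIELDS.items()}


def rebase_warning(reg_text):
    """Return a warning string if images are force-relocated, else None."""
    state = decode_aslr(parse_reg_binary(reg_text))
    if state["force_relocate_images"] in (ALWAYS_ON, ON_REQ_RELOCS):
        return ("Force randomization for images (Mandatory ASLR) is on "
                "system-wide; Cygwin DLLs may not work correctly")
    return None


if __name__ == "__main__":
    for label, text in (("off", REG_OFF), ("on", REG_ON)):
        print(label, decode_aslr(parse_reg_binary(text)), rebase_warning(text))
```

A missing MitigationOptions value raises ValueError, which a caller can treat as "system defaults in effect".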