From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from sa-prd-fep-046.btinternet.com (mailomta2-sa.btinternet.com [213.120.69.8]) by sourceware.org (Postfix) with ESMTPS id 90C7B3858C2F for ; Thu, 25 Aug 2022 17:11:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 90C7B3858C2F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dronecode.org.uk Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk Received: from sa-prd-rgout-002.btmx-prd.synchronoss.net ([10.2.38.5]) by sa-prd-fep-046.btinternet.com with ESMTP id <20220825171134.HSVT3113.sa-prd-fep-046.btinternet.com@sa-prd-rgout-002.btmx-prd.synchronoss.net>; Thu, 25 Aug 2022 18:11:34 +0100 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com; bimi=skipped X-SNCR-Rigid: 6139417C3739099A X-Originating-IP: [86.139.158.127] X-OWM-Source-IP: 86.139.158.127 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvfedrvdejfedguddtkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfvfhfhffujggtgfesthejredttdefjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnhepfeejfedvgfegfefhhfehjedulefhhedvffetveeikefgfeeigfduteffieevhefhnecuffhomhgrihhnpegthihgfihinhdrtghomhenucfkphepkeeirddufeelrdduheekrdduvdejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheplgduledvrdduieekrddurddutdehngdpihhnvghtpeekiedrudefledrudehkedruddvjedpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtohepsghrihgrnhdrtghofigrnheshhgtlhdrtghomhdprhgtphhtthhopegthihgfihinhestgihghifihhnrdgtohhm X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.105] (86.139.158.127) by sa-prd-rgout-002.btmx-prd.synchronoss.net (5.8.716.04) (authenticated as jonturney@btinternet.com) id 6139417C3739099A; Thu, 25 Aug 2022 18:11:34 +0100 Message-ID: Date: Thu, 25 Aug 2022 18:11:33 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Content-Language: en-GB To: cygwin@cygwin.com, Brian Cowan References: <20220825165242.pkxoey67iyvmdqim@lucy.dinwoodie.org> From: Jon Turney Subject: Re: Does the Cygwin setup program do internal sanity checks on startup? In-Reply-To: <20220825165242.pkxoey67iyvmdqim@lucy.dinwoodie.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3568.8 required=5.0 tests=BAYES_00,FORGED_SPF_HELO,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,NICE_REPLY_A,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 25/08/2022 17:52, Adam Dinwoodie wrote: > On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote: >>Does the Cygwin setup program do internal sanity checks on startup? Not as such. And if it did, the behaviour when the fails should be to say those checks have failed, rather than crash apparently randomly... >> Why would I ask that question? Because I have a host running a >> hodgepodge of company-mandated security software, and -- only on that >> host -- the Cygwin setup tool crashes... >> >> Oddities: >> 1. The crash generates 3 dump files when I use procdump, which is odd >> since I "normally" only get 2 identical dumps from procdump. >> 2. A Websense ForcePoint DLP DLL is loaded in the process space, >> apparently through DLL injection. >> 3. There seem to be 3 threads started, only one of which is the setup >> program's "main" function. I had to get that out of a Process Monitor >> log since the dump files are largely content free. >> 4. The crash is unique to the setup program. Nothing else appears to >> fail. >> >> The crash is an "illegal instruction" dump, which of course doesn't >> make a lot of sense... This could be one of the other security >> packages/policies on this host being "helpful." >> >> I need ammunition to take to my internal Mordak's so I can update >> Cygwin... Sure I can use WSL, but not for everything. > > This sounds like classic "BLODA": applications that interfere with how > Cygwin provides *nix compatibility. There's more info in the FAQs at > https://cygwin.com/faq/faq.html#faq.using.bloda, but in short it seems > very likely that this problem is caused by some security software > running on this system. This does indeed sound like interference by some other software. But the setup program is not a Cygwin executable (it's not linked with the cygwin DLL because (i) it's not present before setup has installed it, and (ii) updating that DLL from setup while setup is using is problematic... Note that the Cygwin setup executable as distributed is packed with UPX, which could very well interfere with the expectations of a poorly written injected DLL. (You can reverse that compression by running 'upx -d' on the setup executable)