From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) by sourceware.org (Postfix) with ESMTPS id E3B333857807 for ; Tue, 25 Aug 2020 15:13:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org E3B333857807 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from [192.168.1.104] ([24.64.172.44]) by shaw.ca with ESMTP id AadTkgpyTYYpxAadUkQJRm; Tue, 25 Aug 2020 09:13:21 -0600 X-Authority-Analysis: v=2.3 cv=OubUNx3t c=1 sm=1 tr=0 a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=IkcTkHD0fZMA:10 a=hdRXkmhwMW818UcEnHQA:9 a=nObNLBvuN_n9iRtF:21 a=0QxGHdOXivlB4M3K:21 a=QEXdDO2ut3YA:10 Reply-To: cygwin@cygwin.com Subject: Re: Mandatory ASLR breaks Cygwin - Windows 10 To: cygwin@cygwin.com References: <4AA035EB-1325-4C1B-B399-28FC9176F203@roc.cs.umass.edu> <006c01d67aed$2f7f0660$8e7d1320$@linuxandria.com> From: Brian Inglis Autocrypt: addr=Brian.Inglis@SystematicSw.ab.ca; prefer-encrypt=mutual; keydata= mDMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePa0 LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT6IlgQTFggA PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDLg4BF6KcfMSCisGAQQBl1UB BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAeIfgQYFggAJhYhBMM5 /lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5 RSyTY8X+AQ== Organization: Systematic Software Message-ID: Date: Tue, 25 Aug 2020 09:13:19 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <006c01d67aed$2f7f0660$8e7d1320$@linuxandria.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-CA Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4wfINDXftplLdX3kdNGEVPpyAD6nEvgJ+o8G1UiRZfb3S/oxJUYmnRNraiTF2Xb1PCkQPS43l58NPSb+dkC5cxwFSY4HOu3YtayM/YNj4bNq+IBN9MoWL3 +Mop57bvgZJ5WcY8sPmh4glUqXFa/ldENDLZMsZ/JZ2BvrPNSbt8/GFVEzGGFtZrqJ1aex/pitBSlQ== X-Spam-Status: No, score=-8.2 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2020 15:13:23 -0000 On 2020-08-25 08:36, Alexandria Cortez wrote: > On Tuesday, August 25, 2020 10:35 AM, Eliot Moss wrote:>> On Aug 25, 2020, at 10:17 AM, Alexandria Cortez wrote: >>> I was experimenting with security settings this morning on windows, and >>> after changing Mandatory ASLR (Windows Security -> App and Browser Control >>> -> Exploit Protection) to default on, no Cygwin programs that rely on the >>> Cygwin dll would start, stating that a resource was temporarily unavailable >>> and could not fork. Rebasell, bash, you name it crashed and would not start. >>> After some investigation, turning off that setting allows Cygwin to work. >>> >>> Now the next question: why does this not work? Is this intended behavior or >>> a bug? Having that setting turned on seems like a good idea from a security >>> standpoint, and who knows it may eventually become default. >> It’s intentional; too long to explain in detail on phone, but fork >> requires each dll to load in the child at the same address as in the >> parent, and ASLR interferes with achieving that. > Is there any plans to implement a workaround in the future? Seeing as Cygwin > is only one of two programs I've noticed that are broken with it on, it > would be nice to be able to have it on from a security perspective. Cygwin is an all-volunteer project - Someone Has To Do It! Feel free to submit patches to support that in Cygwin under Windows. A low level understanding of details of both is required. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in IEC units and prefixes, physical quantities in SI.]