X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By:	sourceware.org
Message-ID:	<4D029F7D.5070106@gmx.de>
Date:	Fri, 10 Dec 2010 22:45:33 +0100
From:	Matthias Andree <matthias DOT andree AT gmx DOT de>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: 1.7.7: rm -rf sometimes fails - race condition?
References:	<4D026815 DOT 4070606 AT gmx DOT de> <20101210182652 DOT GA27615 AT ednor DOT casa DOT cgf DOT cx> <4D027DDE DOT 1000905 AT gmx DOT de> <4D029937 DOT 5080007 AT etr-usa DOT com>
In-Reply-To:	<4D029937.5080007@etr-usa.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

Am 10.12.2010 22:18, schrieb Warren Young:
> On 12/10/2010 12:22 PM, Matthias Andree wrote:
>>>> Has anyone seen similar things?
>>>
>>> Yes and you seem to have nailed the problem - it happens when a virus checker
>>> hooks into a syscall and allows it to return before completion.  I don't think
>>> we want to modify Cygwin to not trust success return values from system calls.
>>
>> Well, I don't know a solution but I think this is unexpected behaviour.
> 
> When some bit of third-party software patches the kernel and breaks its 
> API -- which includes details like "when this call returns a success 
> code, it means it succeeded" -- that is going to result in unexpected 
> behavior in any program that calls that syscall.
> 
> If you were to take a survey of existing Windows programs and sort them 
> according to density of calls into the deepest parts of the Windows 
> kernel, I'd bet Cygwin would be way over at the high-density end.  Since 
> antimalware programs hook these same parts of the kernel to do their 
> job, bugs in those hooks will affect Cygwin more often than most other 
> Windows programs.
> 
> Cygwin doesn't -- and shouldn't -- patch around such bugs.  Cygwin 
> probably contains code to work around bugs in Windows itself, but that's 
> as far as it should go.
> 
> You say you've disabled your antimalware software and the problem 
> persists.  I doubt you've actually gotten yourself back to a stock 
> Windows configuration, but if so, you should be able to write a program 
> that will show the same behavior on anyone's system.  If you can do 
> that, I think a fix would shortly follow.  I'm not making promises of 
> other people's resources, just making a history-based prediction.

Certainly I don't get back to a stock Windows configuration, and that's hardly
what a typical Cygwin installation would look like anyways; however, the
software that's failing is rm.exe in certain circumstances when running "cygport
fetchmail-6.3.19-1 all", so it's not exactly rocket science I've been trying :)

Is there any software other than Helios that would be recommended to list
patched/hooked (non-Windows-/Microsoft) system calls?  Perhaps I can find out
what application or service might cause that.

Can strace-ing rm.exe be any good for debugging here?

-- 
Matthias Andree

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -