Mail Archives: cygwin/2022/08/25/13:12:42

Message-ID: <c4261e67-f6ee-20e4-50f3-335783ba558b@dronecode.org.uk>
Date: Thu, 25 Aug 2022 18:11:33 +0100
To: cygwin AT cygwin DOT com, Brian Cowan <brian DOT cowan AT hcl DOT com>
From: Jon Turney <jon DOT turney AT dronecode DOT org DOT uk>
Subject: Re: Does the Cygwin setup program do internal sanity checks on
startup?

On 25/08/2022 17:52, Adam Dinwoodie wrote:
> On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote:
>> Does the Cygwin setup program do internal sanity checks on startup?

Not as such.  And if it did, the behaviour when that fails should be to
say those checks have failed, rather than crash apparently randomly...

>> Why would I ask that question? Because I have a host running a
>> hodgepodge of company-mandated security software, and -- only on that
>> host -- the Cygwin setup tool crashes...
>>
>> Oddities:
>> 1. The crash generates 3 dump files when I use procdump, which is odd
>> since I "normally" only get 2 identical dumps from procdump.
>> 2. A Websense ForcePoint DLP DLL is loaded in the process space,
>> apparently through DLL injection.
>> 3. There seem to be 3 threads started, only one of which is the setup
>> program's "main" function. I had to get that out of a Process Monitor
>> log since the dump files are largely content free.
>> 4. The crash is unique to the setup program. Nothing else appears to
>> fail.
>>
>> The crash is an "illegal instruction" dump, which of course doesn't
>> make a lot of sense... This could be one of the other security
>> packages/policies on this host being "helpful."
>>
>> I need ammunition to take to my internal Mordak's so I can update
>> Cygwin... Sure I can use WSL, but not for everything.
> 
> This sounds like classic "BLODA": applications that interfere with how
> Cygwin provides *nix compatibility.  There's more info in the FAQs at
> https://cygwin.com/faq/faq.html#faq.using.bloda, but in short it seems
> very likely that this problem is caused by some security software
> running on this system.

This does indeed sound like interference by some other software.

But the setup program is not a Cygwin executable (it's not linked with
the cygwin DLL because (i) it's not present before setup has installed
it, and (ii) updating that DLL from setup while setup is using it is
problematic...)

Note that the Cygwin setup executable as distributed is packed with UPX, 
which could very well interfere with the expectations of a poorly 
written injected DLL.

(You can reverse that compression by running 'upx -d' on the setup 
executable)

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
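
A quick way to confirm whether a given setup executable is still UPX-packed, for example before and after running 'upx -d'. This is an added example, not part of the original message or of Cygwin's code. It reads the PE section table and looks for the UPX0/UPX1 section names that UPX uses by default; the sample headers are constructed for the demonstration.

```python
import struct
import sys

def pe_sections(data):
    """Return [(name, virtual_size, raw_size), ...] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, 3 dwords, SizeOfOptionalHeader, flags
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size
    if table + 40 * nsect > len(data):
        raise ValueError("truncated section table")
    out = []
    for i in range(nsect):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return out

def upx_indicators(data):
    """Return human-readable reasons the image looks UPX-packed (empty if none)."""
    reasons = []
    for name, vsize, rsize in pe_sections(data):
        if name.startswith("UPX"):
            reasons.append(f"section named {name}")
            if rsize == 0 and vsize > 0:
                reasons.append(f"{name} is empty on disk, {vsize:#x} bytes in memory")
    return reasons

def build_sample(sections):
    """Constructed PE headers only (not a runnable program), for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    table = b"".join(
        struct.pack("<8sIII", n, v, 0x1000 * (i + 1), r) + b"\0" * 20
        for i, (n, v, r) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table

PACKED = build_sample([(b"UPX0", 0x50000, 0), (b"UPX1", 0x20000, 0x1F000), (b".rsrc", 0x1000, 0x1000)])
PLAIN = build_sample([(b".text", 0x30000, 0x30000), (b".data", 0x2000, 0x1000)])

if __name__ == "__main__":
    # With path arguments, inspect those files; otherwise use the constructed samples.
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"packed": PACKED, "plain": PLAIN}
    for label, blob in blobs.items():
        print(label, upx_indicators(blob) or "no UPX indicators")
```

Section names can be changed after packing, so an empty result does not prove an executable is unpacked.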
