This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

another question about cygwin bash trying to make connections


Hello,

Every single time run bash in a terminal, I get the following firewall alerts,

C:\cygwin\bin\bash.exe
An attempt to communicate a foreign process has been detected.
Target PID: 1616
Image Name: svchost.exe

C:\cygwin\bin\bash.exe
A potential threat to network traffic interception or injection has been detected.

This is when running a script that invokes bash with the shebang. The same thing
happens if I just run bash with no arguments. On every run of bash, bash tries to IPC
with svchost.exe. The second alert for network traffic injection suggests that
bash.exe is attempting to use svchost to make a network connection. This is common
enough since svchost.exe has unfiltered network connection permission on most systems
(stupid in my opinion).

I have looked in all of the versions of .bashrc and .bash_profile and don't see
anything there that looks relevant. I presume that bash is trying to do something
like check to see if it needs to be updated. In that case, I have never understood
why bash.exe needs to try to connect through another process instead of just making
the connection itself. If this is something else, well, who knows.

The attempted IPC is entirely unnecessary as blocking both alerts has no effect
whatsoever.

How should I go about trying to run this down? I can just create the rule to
permanently block the IPC and network traffic injection, but I would prefer to stop
the connection attempt from what is triggering it. That would allow me to see new
alerts if it happens again.

This is the version of bash,

GNU bash, version 4.3.42(4)-release (i686-pc-cygwin)

it would be very helpful as a first step if I could find a verified digital signature
for this version of bash. The index here,

https://ftp.gnu.org/gnu/bash/

gives an archive of bash with a signature for each tar.gz but not the signature for
each version of the extracted binary.

Thanks,

LMH

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]