This is the mail archive of the
mailing list for the Cygwin project.
another question about cygwin bash trying to make connections
- From: LMH <lmh_users-groups at molconn dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 7 Jan 2020 15:58:55 -0500
- Subject: another question about cygwin bash trying to make connections
Every single time run bash in a terminal, I get the following firewall alerts,
An attempt to communicate a foreign process has been detected.
Target PID: 1616
Image Name: svchost.exe
A potential threat to network traffic interception or injection has been detected.
This is when running a script that invokes bash with the shebang. The same thing
happens if I just run bash with no arguments. On every run of bash, bash tries to IPC
with svchost.exe. The second alert for network traffic injection suggests that
bash.exe is attempting to use svchost to make a network connection. This is common
enough since svchost.exe has unfiltered network connection permission on most systems
(stupid in my opinion).
I have looked in all of the versions of .bashrc and .bash_profile and don't see
anything there that looks relevant. I presume that bash is trying to do something
like check to see if it needs to be updated. In that case, I have never understood
why bash.exe needs to try to connect through another process instead of just making
the connection itself. If this is something else, well, who knows.
The attempted IPC is entirely unnecessary as blocking both alerts has no effect
How should I go about trying to run this down? I can just create the rule to
permanently block the IPC and network traffic injection, but I would prefer to stop
the connection attempt from what is triggering it. That would allow me to see new
alerts if it happens again.
This is the version of bash,
GNU bash, version 4.3.42(4)-release (i686-pc-cygwin)
it would be very helpful as a first step if I could find a verified digital signature
for this version of bash. The index here,
gives an archive of bash with a signature for each tar.gz but not the signature for
each version of the extracted binary.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple