W10 Mandatory ASLR default
Andreas Schiffler
aschiffler@ferzkopp.net
Wed Feb 14 07:36:00 GMT 2018
Here is the registry state:
Mandatory ASLR off
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00
Mandatory ASLR on
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00
On 2/13/2018 11:17 PM, Thomas Wolff wrote:
> On 14.02.2018 at 04:25, Brian Inglis wrote:
>> On 2018-02-12 21:58, Andreas Schiffler wrote:
>>> Found the workaround (read: not really a solution as it leaves the system
>>> vulnerable, but it unblocks cygwin)
>>> - Go to Windows Defender Security Center - Exploit protection settings
>>> - Disable System Settings - Force randomization for images (Mandatory ASLR) and
>>> Randomize memory allocations (Bottom-up ASLR) from "On by default" to "Off by
>>> default"
>>>
>>> Now setup.exe works and can rebase everything; after that Cygwin Terminal starts
>>> as a working shell without problems.
>>>
>>> @cygwin dev's - It seems one of the windows updates (system is on 1709 build
>>> 16299.214) might have changed my ASLR settings to "system wide mandatory" (i.e.
>>> see
>>> https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
>>> for info) so that the cygwin DLLs don't work correctly anymore (i.e. see old
>>> thread about this topic here
>>> https://www.cygwin.com/ml/cygwin/2013-06/msg00092.html).
>>> This change might have made it into the system as part of the security update
>>> for Meltdown+Spectre (I am speculating), but that could explain why my cygwin
>>> installation that worked fine before (i.e. mid-2017) stopped working suddenly
>>> (beginning 2018). It would be good to devise a test for the setup.exe that
>>> checks the registry (likely
>>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel])
>>> for this state and alerts the user.
>> I'm on W10 Home 1709/16299.192 (slightly older).
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/System settings/Force randomization for
>> images (Mandatory ASLR) - "Force relocation of images not compiled with
>> /DYNAMICBASE" is "Off by default", whereas Randomize memory allocations
>> (Bottom-up ASLR) - "Randomize locations for virtual memory allocations." and all
>> other settings are "On by default".
>>
>> Under Windows Defender Security Center/App & browser control/Exploit
>> protection/Exploit protection settings/Program settings various .exes have 0-2
>> system overrides of settings.
>>
>> I used the Export settings selection at the bottom to export the settings, which
>> use the implied System settings defaults, and include the Program settings
>> system overrides shown in the attached xml file.
>>
>> It may be useful if you could export your default and updated settings for
>> comparison and information.
>> It would be nice if one of the project volunteers with Windows threat mitigation
>> knowledge could look at these, to see if there is a better approach.
>>
>> I expect to get updated the next time I restart, as I have been seeing
>> notifications to that effect, and will not be surprised if my system startup
>> Cygwin shell scripts fail.
> I guess Andreas' suggestion is confirmed by
> https://github.com/mintty/wsltty/issues/6#issuecomment-361281467
> Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
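
Added example, not part of the original message and not code from Cygwin's setup.exe: a sketch of the registry check suggested above, decoding the ASLR fields of a MitigationOptions export. The function names are hypothetical, and the bit layout is an assumption taken from the PROCESS_CREATION_MITIGATION_POLICY_* constants in the Windows SDK.

```python
import re

# Bit offsets of the 2-bit policy fields. Assumption: the registry value uses the
# layout of the PROCESS_CREATION_MITIGATION_POLICY_* constants in the Windows SDK.
FIELD_SHIFTS = {"mandatory_aslr": 8, "bottom_up_aslr": 16, "high_entropy_aslr": 20}
STATES = {0: "defer", 1: "always_on", 2: "always_off", 3: "reserved"}
VALUE_RE = re.compile(r'"MitigationOptions"=hex(?:\([0-9a-fA-F]+\))?:([0-9a-fA-F,]*)')

def parse_mitigation_options(reg_text):
    """Return the raw MitigationOptions bytes from .reg export text, or None."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # undo .reg line continuations
    m = VALUE_RE.search(joined)
    if not m:
        return None
    return bytes(int(b, 16) for b in m.group(1).split(",") if b)

def decode_aslr(raw):
    """Decode the three ASLR policy fields from the little-endian value."""
    value = int.from_bytes(raw or b"", "little")  # missing value: every field defers
    out = {}
    for name, shift in FIELD_SHIFTS.items():
        code = (value >> shift) & 0x3
        # For the image-relocation field, 3 means "always on, require relocations".
        if name == "mandatory_aslr" and code == 3:
            out[name] = "always_on_req_relocs"
        else:
            out[name] = STATES[code]
    return out

def cygwin_should_warn(reg_text):
    """True when Mandatory ASLR is forced on system-wide (the state reported above)."""
    state = decode_aslr(parse_mitigation_options(reg_text))["mandatory_aslr"]
    return state.startswith("always_on")

# The two exports quoted at the top of this message.
REG_OFF = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,02,22,00,00,00,00,00,00,00,00,00,00,00,00,00
'''
REG_ON = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,21,00,00,00,00,00,00,00,00,00,00,00,00,00
'''

if __name__ == "__main__":
    for label, text in (("off", REG_OFF), ("on", REG_ON)):
        print(label, decode_aslr(parse_mitigation_options(text)), cygwin_should_warn(text))
```

A system where the value is absent decodes as "defer" for every field and produces no warning.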