Does the Cygwin setup program do internal sanity checks on startup?
Thu Aug 25 17:11:33 GMT 2022
On 25/08/2022 17:52, Adam Dinwoodie wrote:
> On Wed, Aug 24, 2022 at 08:46:10PM +0000, Brian Cowan via Cygwin wrote:
>>Does the Cygwin setup program do internal sanity checks on startup?
Not as such. And if it did, the behaviour when the fails should be to
say those checks have failed, rather than crash apparently randomly...
>> Why would I ask that question? Because I have a host running a
>> hodgepodge of company-mandated security software, and -- only on that
>> host -- the Cygwin setup tool crashes...
>> 1. The crash generates 3 dump files when I use procdump, which is odd
>> since I "normally" only get 2 identical dumps from procdump.
>> 2. A Websense ForcePoint DLP DLL is loaded in the process space,
>> apparently through DLL injection.
>> 3. There seem to be 3 threads started, only one of which is the setup
>> program's "main" function. I had to get that out of a Process Monitor
>> log since the dump files are largely content free.
>> 4. The crash is unique to the setup program. Nothing else appears to
>> The crash is an "illegal instruction" dump, which of course doesn't
>> make a lot of sense... This could be one of the other security
>> packages/policies on this host being "helpful."
>> I need ammunition to take to my internal Mordak's so I can update
>> Cygwin... Sure I can use WSL, but not for everything.
> This sounds like classic "BLODA": applications that interfere with how
> Cygwin provides *nix compatibility. There's more info in the FAQs at
> https://cygwin.com/faq/faq.html#faq.using.bloda, but in short it seems
> very likely that this problem is caused by some security software
> running on this system.
This does indeed sound like interference by some other software.
But the setup program is not a Cygwin executable (it's not linked with
the cygwin DLL because (i) it's not present before setup has installed
it, and (ii) updating that DLL from setup while setup is using is
Note that the Cygwin setup executable as distributed is packed with UPX,
which could very well interfere with the expectations of a poorly
written injected DLL.
(You can reverse that compression by running 'upx -d' on the setup
More information about the Cygwin