Re: Moses with Cygwin on Windows 7

[cbsa01]

Dear Eliot,

many thanks for your reply.  On why we need cygwin: the language model  
we use is IRSTLM. The native windows build of Moses does not currently  
use IRSTLM LMs.


I have been reading up a bit about debasing DLLs, and I gather from  
http://www.codeproject.com/KB/DLL/RebaseDll.aspx that the purpose is  
to avoid either two or more DLLs using the same preferred base  
addresses, or the overheads of relocation.  However, on  
http://social.msdn.microsoft.com/Forums/en-US/vcgeneral/thread/bac7e300-f3df-4087-9c4b-847880d625ad, it is suggested that from Vista onwards, it is better to leave this to the operating systems's ASLR (Address space layout randomization) in order to help defeat a ?return-to-libc? attack. Do you agree with this? If it is still necessary to do a rebase, what does your script do that rebaseall  
doesn't?


Re UAC prompts: this does look annoying but corporate security  
regulations may prevent us from turning it off completely.  Is there  
some way to turn it off for individual programs without using  
third-party software?


Thank you,
Llio Humphreys





Quoting Eliot Moss :


Cygwin under Windows 7 works fine for me.  The things
I noticed were:

- It was helpful to some things, especially perl and things
  built from it, to rebase all the dlls.  I have a script
  for that, though rebaseall may do it for you.

- Since I am just a single user, etc., I disable the Windows
  Vista/7 UAC controls so that more things run without annoying
  popups to ask permission (and some things just won't run
  without further fiddling if UAC is on).

I think people have resolved UAC issues with further work,
but it seems to be a topic that comes up from time to time.
That is, for sophisticated things it can be tricky to get
them going with UAC on.

A quick glance at Moses suggests that it can just be done
under regular Windows using Visual Studio, so why cygwin at all?

-- Eliot Moss





This message was sent using IMP, the Internet Messaging Program.




--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Moses with Cygwin on Windows 7

[cbsa01]

Dear Eliot,
your script does indeed sound much better.  Is it available to share?   
Many thanks for sharing your insights in any case.

Best regards,
Llio Humphreys

Quoting Eliot Moss :


On 8/7/2010 5:23 PM, cbs...@bangor.ac.uk wrote:

many thanks for your reply. On why we need cygwin: the language   
model we use is IRSTLM. The native

windows build of Moses does not currently use IRSTLM LMs.


I know next to nothing about Moses, so I'll just trust you on this one!


I have been reading up a bit about debasing DLLs, and I gather from
http://www.codeproject.com/KB/DLL/RebaseDll.aspx that the purpose   
is to avoid either two or more
DLLs using the same preferred base addresses, or the overheads of   
relocation. However, on

http://social.msdn.microsoft.com/Forums/en-US/vcgeneral/thread/bac7e300-f3df-4087-9c4b-847880d625ad,
it is suggested that from Vista onwards, it is better to leave this  
 to the operating systems's ASLR
(Address space layout randomization) in order to help defeat a   
?return-to-libc? attack. Do you agree
with this? If it is still necessary to do a rebase, what does your   
script do that rebaseall doesn't?


The problem is that the address space randomization interferes with how
cygwin support fork().  Suppose a parent process maps library A at
address X, but does not map library B at all.  Then suppose a forked
process is not yet using library A, and ends up mapping library B
at an address that overlaps X.  Then the child reaches a point where
it needs to use library A.  The implementation of cygwin requires
that if a parent and child use the same library, it must be at the
same address.  Therefore the child's mapping attempt will block.
That gives a sense of the scenario.  That may not be the exact
case, but it's like that. Basically, we need to guarantee that all
cygwin dlls map to different preferred places.

Yes, this defeats the OS attempt to defeat a security attack.

My script finds and rebases every dll file that cygwin 'find' can
locate, while rebaseall only does certain directories.  For me,
the difference lies in (at least) some perl-related dlls that are
not where rebaseall looks.

Another important thing is that the distance between preferred
locations needs to be a little bigger than the default for rebase,
on Vista (and Windows 7).  This is an obscure thing that Corinna
found a while back and took me quite a while to locate in old
email threads, but before I set that parameter, rebasing did not
work right for me and after adding that it did.  Maybe they have
changed the default by now, but I don't think so.

Re UAC prompts: this does look annoying but corporate security   
regulations may prevent us from
turning it off completely. Is there some way to turn it off for   
individual programs without using

third-party software?


That lies outside my expertise.  I just turned it off.

Best wishes -- Eliot Moss





This message was sent using IMP, the Internet Messaging Program.




--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Moses with Cygwin on Windows 7

[cbsa01]

Dear Morgan,
thanks for the tip.  Can you turn it off for only some recognised  
programs?  It does not mention this option in Microsoft's online  
Guided Help (http://support.microsoft.com/kb/975788).  Unfortunately,  
I don't have Windows 7 yet so I can't test it myself.

Thanks,
Llio Humphreys

Quoting Morgan Gangwere <0.fracta...@gmail.com>:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/07/2010 05:33 PM, Eliot Moss wrote:
[snip]

Windows 7 has a setting /just/ below the default which turns off the
"Secure Desktop" (Pet name for UAC prompts). If you have some amount of
administrator access, you can probably disable them.

- --
Morgan Gangwere <0 dotpunct fractalus atpunct gmail dotpunct com>
http://sonof.bandit.name/

あなたのお母さんは、ハムスターとあなたの父エルダーベリーのワカサギでした
- - A frenchman.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMXiwXAAoJEEURiCSotvJDFBsP/13kN+WbgQNzw03Jxp6w3XAc
P6ailneZS5s03/wO/OdnQJiQ7B5iKAlZEKp9qZ4wcLUDaBpQxIGbVrT0umRMB/r2
osMEY8TErQ/Vlro9AknRi2BvSPe1iit0Lm7jQhRPIMnnraYwzziKJWwDUuSXTREE
cj5p9sWgyzvLmtTphVm1kDF94csRBkk9qQI4WLooODGkJeDMP5oFyKRX1mzNYV62
M9QZSr8/QWmXQs9lT3F2bkLRJGBrmUyfoLayNJ4+1BnNl7FfGHGQc0UqpqhHD8sD
DvbXe3b7y7LPjb/dTGqGj4P3AuCZxNgtrYOuFfP4v/MZoyhj41SwjifBBFDKin97
u3sgVUXRJuSbNnzNIOPL5dk6U8nb2zo4enNzqdBNi4XfmJsidlAYhjWgGWCbfkRU
6uuJA4hAIrf/07Co/oG7q9jI7mueEIGTvxqguR67cNw+aRrCLWyNsLBOTCOUfRY3
TOjG5WBdO3MTO819V/KJdlpJ46vn37atvnvN7IELy/dWkpR7dLzBuinHDU1+V36g
gUDtHNNC/Bv/Yb/c+Qp4umG8aeqRA+scLGToPdc1+bpV9MEk7ps3yfYK4xrmsb8b
yCY6UNtqVdQlmCeVNV0CTjGtkdcTiJbfo8glHKUcBI6vYqCmTnp5Mw3qrBgtHeiB
92ieQKVSh9r6cg4M2hGR
=K8NM
-END PGP SIGNATURE-

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple






This message was sent using IMP, the Internet Messaging Program.




--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple