On 2025-05-03 12:49, Roland Mainz via Cygwin wrote:
On Sat, May 3, 2025 at 8:21 PM Roland Mainz <roland.ma...@nrubsig.org> wrote:
Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can
be signed with signtool
(https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ?
It seems that Microsoft Defender has become overly aggressive to some
Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar
etc.) in the last couple of weeks and just blocks them.

Our IT supports that they can "whitelist" binaries based on their
cryptographic signature... but neither the binaries from the CI nor
the Release binaries have any signatures...

BTW: The Windows Defender rule which causes /usr/bin/find.exe,
/usr/bin/hostname.exe etc. to be blocked is "Block use of copied or
impersonated system tools" (C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB) ...

Where can we see these rules?

Can your paid IT support not modify those rules to bypass Cygwin installs?

And maybe share how to with the open source community?

Presumably we are providing you with a valuable commodity with valuable utility as well as a valuable freedom to do with it as you like.

Perhaps you could repay that valuable freedom, by using some of your valuable resources to figure out and implement workarounds to proprietary barriers to our freedom to use that commodity, and share those with the community!

BTW those MS Windows provided utilities are badly outdated, and many have security risks with CVEs against them, so should be replaced with the latest upstream Windows builds ASAP.

Perhaps MS should be lambasted for blocking users who choose to install and use versions of utilities from sources which are more current than those provided by MS, with the security risks eliminated by unpaid volunteers who support secure software which offers their users freedom and do it in their free time!

--
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher  but when there is no more to cut
                                -- Antoine de Saint-Exupéry
