SegFault running "ls -l" after Microsoft Patch Day
Dr Rainer Woitok
rainer.woitok@gmail.com
Mon Dec 14 13:05:00 GMT 2015
Greetings,
last Wednesday was Windows Patch Day, causing me to install the follow-
ing eighteen patches (the comments ("# ...") reflect what I think the
corresponding knowledge base articles were about):
(KB3085549) Security Update for Microsoft Office 2007 suites
(KB3085616) Security Update for Microsoft Office 2007 suites
(KB3099860) Security Update for Microsoft .NET Framework 3.0 SP2 on
Windows Vista SP2 and Windows Server 2008 SP2 x86
# Remote code execution.
(KB3099869) Security Update for Microsoft .NET Framework 4.5, 4.5.1 and
4.5.2 on Windows Vista and Windows Server 2008 x86
# Remote code execution.
(KB3104002) Cumulative Security Update for Internet Explorer 8 for
Windows Vista
(KB3106614) Security Update for Microsoft Silverlight
# Remote code execution.
(KB3108371) Security Update for Windows Vista
# Remote code execution.
(KB3108381) Security Update for Windows Vista
# Remote code execution.
(KB3109094) Security Update for Windows Vista
# Kernel mode drivers.
(KB3109103) Security Update for Windows Vista
# Privilege escalation, race condition.
(KB3112148) Update for Windows Vista
# Time zone update.
(KB3114422) Security Update for Microsoft Office Excel 2007
(KB3114425) Security Update for Microsoft Office 2007 suites
(KB3114427) Update for Microsoft Office Outlook 2007 Junk Email Filter
(KB3114431) Security Update for Microsoft Office Compatibility Pack
Service Pack 3
(KB3114457) Security Update for Microsoft Office Compatibility Pack
Service Pack 3
(KB3114458) Security Update for Microsoft Office Word 2007
(KB915597) Definition Update for Windows Defender - (Definition
1.211.2110.0)
After that and after the necessary reboot I observed problems regarding
the treatment of Windows Protected Sytem Files on NTFS formatted disks
and USB sticks. These problems were definitely not present before the
Windows update. For example:
$ find /C -maxdepth 2 -type d >/dev/null
find: './Config.Msi': Permission denied
find: './MSOCache': Permission denied
find: './PerfLogs': Permission denied
find: './System Volume Information': Permission denied
$
In the following example I'm not quite sure about "$Recycle.Bin/" and
some of the other Protected System Directories, but "System Volume In-
formation/" definitely never showed up before:
$ ls -F /C | grep /$
$Recycle.Bin/
Boot/
Config.Msi/
Ez3D2009/
Garmin/
Intel/
MSOCache/
MappedFiles/
Microsoft/
NDPS/
PerfLogs/
Program Files/
ProgramData/
System Volume Information/
Temp/
Users/
WTablet/
Windows/
cygwin/
deskupdate.tmp/
fsc.tmp/
$
And finally, and most important:
$ ls -lF /C
Segmentation fault (core dumped)
$
I then started to again uninstall patches one by one, each time checking
with "ls -l". Nothing changed after these five patches were again unin-
stalled:
KB3109094
KB3104002
KB3108371
KB3108381
KB3109103
I then gave up, thinking that uninstalling a Microsoft patch might not
necessarily imply setting every bit which was changed by the patch back
to its original value. And even if I found the offending patch, this
hardly would mean Microsoft would improve it (after all, it only seems
to bite Cygwin). And finally, sooner or later I should re-apply these
patches anyway, because they are critical.
So I rather updated my Cygwin installation, checked whether "find" and
"ls -l" are still choking (they are)-:, and finally ran:
$ strace -o ls-l.trace ls -l /C
510613 [main] ls 6584 cygwin_exception::open_stackdumpfile: Dumping stack trace to ls.exe.stackdump
$
Having attached files "ls-l.trace", "ls.exe.stackdump", and the mandat-
ory "cygcheck.out" below, I now hope someone can provide a patch to work
around these most recent Windows changes.
Sincerely,
Rainer
----------------------------------------------------------------------
| Rainer M Woitok | Phone : (+49 60 93) 487 95 95 |
| KolpingstraÃe 3 | Mobile: (+49 172) 813 6 831 |
| D-63846 Laufach | Mail : Rainer.Woitok@Gmail.Com |
| Germany | |
----------------------------------------------------------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ls-l.trace
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151214/c160379c/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ls.exe.stackdump
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151214/c160379c/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cygcheck.out
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151214/c160379c/attachment-0002.ksh>
-------------- next part --------------
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list