-
-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable DEP and ASLR #60836
Comments
Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks. Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related. [1] http://en.wikipedia.org/wiki/ASLR |
I'm +0. There is a risk that this may break 3rd-party extension modules. |
Only way to be sure: Enable & announce for 3.5 and wait for bug reports |
DEP isn't much of an issue. It's automatically disabled for the entire process when one library w/o DEP is loaded. |
I don't think much caution is needed. If problems don't show up in the beta releases, we can still revert the change for 3.4.1. Christian, please go ahead and check this in. |
Which kind of crash? faulthandler has functions to make Python crash, crashes are expected :-) |
@crys: ping? |
I'll look in this next time my Windows VM is running. |
Perhaps the same as bpo-9116. |
I no longer see the crashs. |
New changeset cb1691d42101 by Christian Heimes in branch 'default': |
Sorry to revive this old bug, but would it be possible to get ASLR/DEP for windows on the 2.7 branch as well? Also, re Christian's comment about DEP being disabled if a single libray doesn't support it - are you sure that's the case? I'm very new to windows stuff, but the only information about this I saw online was http://0xdabbad00.com/2012/12/07/dep-data-execution-prevention-explanation/, which says that only /NXCOMPAT on the EXE matters. |
I reopen the issue, so the question of porting the change to Python 2.7 can be replied. |
This has already been backported to 2.7 in bpo-24508. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: