msg177077 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2012-12-07 10:23 |
Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks.
Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related.
[1] http://en.wikipedia.org/wiki/ASLR
[2] http://en.wikipedia.org/wiki/Data_Execution_Prevention
|
msg177084 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2012-12-07 12:56 |
I'm +0. There is a risk that this may break 3rd-party extension modules.
|
msg177216 - (view) |
Author: Lukas Lueg (ebfe) |
Date: 2012-12-09 13:34 |
Only way to be sure: Enable & announce for 3.5 and wait for bug reports
|
msg177217 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2012-12-09 13:45 |
DEP isn't much of an issue. It's automatically disabled for the entire process when one library w/o DEP is loaded.
|
msg177290 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2012-12-10 13:38 |
I don't think much caution is needed. If problems don't show up in the beta releases, we can still revert the change for 3.4.1.
Christian, please go ahead and check this in.
|
msg182970 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2013-02-25 18:29 |
> I see a crash in test_capi and a couple of crashes
> in test_faulthandler but these don't seem to be related.
Which kind of crash? faulthandler has functions to make Python crash, crashes are expected :-)
|
msg201122 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2013-10-24 12:56 |
@Crys: ping?
|
msg201123 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-10-24 12:58 |
I'll look in this next time my Windows VM is running.
|
msg201145 - (view) |
Author: Stefan Krah (skrah) * |
Date: 2013-10-24 15:00 |
> I see a crash in test_capi and a couple of crashes
> in test_faulthandler but these don't seem to be related.
Perhaps the same as #9116.
|
msg203185 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-11-17 14:45 |
I no longer see the crashs.
|
msg203504 - (view) |
Author: Roundup Robot (python-dev) |
Date: 2013-11-20 16:43 |
New changeset cb1691d42101 by Christian Heimes in branch 'default':
Issue #16632: Enable DEP and ASLR on Windows.
http://hg.python.org/cpython/rev/cb1691d42101
|
msg235218 - (view) |
Author: Ricky Zhou (ricky) |
Date: 2015-02-02 02:15 |
Sorry to revive this old bug, but would it be possible to get ASLR/DEP for windows on the 2.7 branch as well?
Also, re Christian's comment about DEP being disabled if a single libray doesn't support it - are you sure that's the case? I'm very new to windows stuff, but the only information about this I saw online was http://0xdabbad00.com/2012/12/07/dep-data-execution-prevention-explanation/, which says that only /NXCOMPAT on the EXE matters.
|
msg235241 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2015-02-02 11:24 |
I reopen the issue, so the question of porting the change to Python 2.7 can be replied.
|
msg271669 - (view) |
Author: Berker Peksag (berker.peksag) * |
Date: 2016-07-30 08:01 |
This has already been backported to 2.7 in issue 24508.
|
|
Date |
User |
Action |
Args |
2022-04-11 14:57:39 | admin | set | github: 60836 |
2016-07-30 08:01:32 | berker.peksag | set | status: open -> closed
nosy:
+ berker.peksag messages:
+ msg271669
resolution: fixed |
2016-06-12 11:25:02 | christian.heimes | set | assignee: christian.heimes -> |
2015-02-02 11:24:26 | vstinner | set | status: closed -> open
nosy:
+ steve.dower messages:
+ msg235241
resolution: fixed -> (no value) |
2015-02-02 02:15:18 | ricky | set | nosy:
+ ricky messages:
+ msg235218
|
2013-11-20 16:44:21 | christian.heimes | set | status: open -> closed resolution: fixed stage: commit review -> resolved |
2013-11-20 16:43:32 | python-dev | set | nosy:
+ python-dev messages:
+ msg203504
|
2013-11-17 14:45:24 | christian.heimes | set | messages:
+ msg203185 |
2013-10-24 15:00:08 | skrah | set | nosy:
+ skrah messages:
+ msg201145
|
2013-10-24 12:58:00 | christian.heimes | set | assignee: christian.heimes messages:
+ msg201123 |
2013-10-24 12:56:43 | vstinner | set | messages:
+ msg201122 |
2013-10-24 12:45:21 | tim.golden | set | nosy:
- tim.golden
|
2013-02-25 18:31:11 | ebfe | set | nosy:
- ebfe
|
2013-02-25 18:29:53 | vstinner | set | nosy:
+ vstinner messages:
+ msg182970
|
2013-02-23 21:37:21 | devin | set | nosy:
+ devin
|
2012-12-10 13:38:38 | loewis | set | messages:
+ msg177290 stage: test needed -> commit review |
2012-12-10 13:05:32 | jcea | set | nosy:
+ jcea
|
2012-12-09 13:45:23 | christian.heimes | set | messages:
+ msg177217 |
2012-12-09 13:34:58 | ebfe | set | nosy:
+ ebfe messages:
+ msg177216
|
2012-12-08 19:23:52 | pitrou | set | nosy:
+ tim.golden, brian.curtin
|
2012-12-07 12:56:53 | loewis | set | nosy:
+ loewis messages:
+ msg177084
|
2012-12-07 10:23:01 | christian.heimes | create | |