This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Enable DEP and ASLR
Type: security Stage: resolved
Components: Windows Versions: Python 3.4
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: berker.peksag, brian.curtin, christian.heimes, devin, jcea, loewis, python-dev, ricky, skrah, steve.dower, vstinner
Priority: normal Keywords: patch

Created on 2012-12-07 10:23 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

File name Uploaded Description Edit
depaslr.patch christian.heimes, 2012-12-07 10:23 review
Messages (14)
msg177077 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2012-12-07 10:23
Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks.

Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related.

msg177084 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2012-12-07 12:56
I'm +0. There is a risk that this may break 3rd-party extension modules.
msg177216 - (view) Author: Lukas Lueg (ebfe) Date: 2012-12-09 13:34
Only way to be sure: Enable & announce for 3.5 and wait for bug reports
msg177217 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2012-12-09 13:45
DEP isn't much of an issue. It's automatically disabled for the entire process when one library w/o DEP is loaded.
msg177290 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2012-12-10 13:38
I don't think much caution is needed. If problems don't show up in the beta releases, we can still revert the change for 3.4.1.

Christian, please go ahead and check this in.
msg182970 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-02-25 18:29
> I see a crash in test_capi and a couple of crashes
> in test_faulthandler but these don't seem to be related.

Which kind of crash? faulthandler has functions to make Python crash, crashes are expected :-)
msg201122 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-10-24 12:56
@Crys: ping?
msg201123 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-24 12:58
I'll look in this next time my Windows VM is running.
msg201145 - (view) Author: Stefan Krah (skrah) * (Python committer) Date: 2013-10-24 15:00
> I see a crash in test_capi and a couple of crashes
> in test_faulthandler but these don't seem to be related.

Perhaps the same as #9116.
msg203185 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-17 14:45
I no longer see the crashs.
msg203504 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-11-20 16:43
New changeset cb1691d42101 by Christian Heimes in branch 'default':
Issue #16632: Enable DEP and ASLR on Windows.
msg235218 - (view) Author: Ricky Zhou (ricky) Date: 2015-02-02 02:15
Sorry to revive this old bug, but would it be possible to get ASLR/DEP for windows on the 2.7 branch as well?

Also, re Christian's comment about DEP being disabled if a single libray doesn't support it - are you sure that's the case? I'm very new to windows stuff, but the only information about this I saw online was, which says that only /NXCOMPAT on the EXE matters.
msg235241 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-02-02 11:24
I reopen the issue, so the question of porting the change to Python 2.7 can be replied.
msg271669 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2016-07-30 08:01
This has already been backported to 2.7 in issue 24508.
Date User Action Args
2022-04-11 14:57:39adminsetgithub: 60836
2016-07-30 08:01:32berker.peksagsetstatus: open -> closed

nosy: + berker.peksag
messages: + msg271669

resolution: fixed
2016-06-12 11:25:02christian.heimessetassignee: christian.heimes ->
2015-02-02 11:24:26vstinnersetstatus: closed -> open

nosy: + steve.dower
messages: + msg235241

resolution: fixed -> (no value)
2015-02-02 02:15:18rickysetnosy: + ricky
messages: + msg235218
2013-11-20 16:44:21christian.heimessetstatus: open -> closed
resolution: fixed
stage: commit review -> resolved
2013-11-20 16:43:32python-devsetnosy: + python-dev
messages: + msg203504
2013-11-17 14:45:24christian.heimessetmessages: + msg203185
2013-10-24 15:00:08skrahsetnosy: + skrah
messages: + msg201145
2013-10-24 12:58:00christian.heimessetassignee: christian.heimes
messages: + msg201123
2013-10-24 12:56:43vstinnersetmessages: + msg201122
2013-10-24 12:45:21tim.goldensetnosy: - tim.golden
2013-02-25 18:31:11ebfesetnosy: - ebfe
2013-02-25 18:29:53vstinnersetnosy: + vstinner
messages: + msg182970
2013-02-23 21:37:21devinsetnosy: + devin
2012-12-10 13:38:38loewissetmessages: + msg177290
stage: test needed -> commit review
2012-12-10 13:05:32jceasetnosy: + jcea
2012-12-09 13:45:23christian.heimessetmessages: + msg177217
2012-12-09 13:34:58ebfesetnosy: + ebfe
messages: + msg177216
2012-12-08 19:23:52pitrousetnosy: + tim.golden, brian.curtin
2012-12-07 12:56:53loewissetnosy: + loewis
messages: + msg177084
2012-12-07 10:23:01christian.heimescreate