Enable DEP and ASLR #60836

tiran · 2012-12-07T10:23:01Z

BPO	16632
Nosy	@loewis, @jcea, @vstinner, @tiran, @briancurtin, @skrah, @berkerpeksag, @zooba
Files	depaslr.patch

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2016-07-30.08:01:32.820>
created_at = <Date 2012-12-07.10:23:01.425>
labels = ['type-security', 'OS-windows']
title = 'Enable DEP and ASLR'
updated_at = <Date 2016-07-30.08:01:32.790>
user = 'https://github.com/tiran'

bugs.python.org fields:

activity = <Date 2016-07-30.08:01:32.790>
actor = 'berker.peksag'
assignee = 'none'
closed = True
closed_date = <Date 2016-07-30.08:01:32.820>
closer = 'berker.peksag'
components = ['Windows']
creation = <Date 2012-12-07.10:23:01.425>
creator = 'christian.heimes'
dependencies = []
files = ['28236']
hgrepos = []
issue_num = 16632
keywords = ['patch']
message_count = 14.0
messages = ['177077', '177084', '177216', '177217', '177290', '182970', '201122', '201123', '201145', '203185', '203504', '235218', '235241', '271669']
nosy_count = 11.0
nosy_names = ['loewis', 'jcea', 'vstinner', 'christian.heimes', 'brian.curtin', 'skrah', 'devin', 'python-dev', 'ricky', 'berker.peksag', 'steve.dower']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue16632'
versions = ['Python 3.4']

tiran · 2012-12-07T10:23:01Z

Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks.

Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related.

[1] http://en.wikipedia.org/wiki/ASLR
[2] http://en.wikipedia.org/wiki/Data_Execution_Prevention

loewis · 2012-12-07T12:56:54Z

I'm +0. There is a risk that this may break 3rd-party extension modules.

ebfe · 2012-12-09T13:34:58Z

Only way to be sure: Enable & announce for 3.5 and wait for bug reports

tiran · 2012-12-09T13:45:23Z

DEP isn't much of an issue. It's automatically disabled for the entire process when one library w/o DEP is loaded.

loewis · 2012-12-10T13:38:39Z

I don't think much caution is needed. If problems don't show up in the beta releases, we can still revert the change for 3.4.1.

Christian, please go ahead and check this in.

vstinner · 2013-02-25T18:29:53Z

I see a crash in test_capi and a couple of crashes
in test_faulthandler but these don't seem to be related.

Which kind of crash? faulthandler has functions to make Python crash, crashes are expected :-)

vstinner · 2013-10-24T12:56:43Z

@crys: ping?

tiran · 2013-10-24T12:58:00Z

I'll look in this next time my Windows VM is running.

skrah · 2013-10-24T15:00:08Z

I see a crash in test_capi and a couple of crashes
in test_faulthandler but these don't seem to be related.

Perhaps the same as bpo-9116.

tiran · 2013-11-17T14:45:25Z

I no longer see the crashs.

python-dev · 2013-11-20T16:43:33Z

New changeset cb1691d42101 by Christian Heimes in branch 'default':
Issue bpo-16632: Enable DEP and ASLR on Windows.
http://hg.python.org/cpython/rev/cb1691d42101

ricky · 2015-02-02T02:15:18Z

Sorry to revive this old bug, but would it be possible to get ASLR/DEP for windows on the 2.7 branch as well?

Also, re Christian's comment about DEP being disabled if a single libray doesn't support it - are you sure that's the case? I'm very new to windows stuff, but the only information about this I saw online was http://0xdabbad00.com/2012/12/07/dep-data-execution-prevention-explanation/, which says that only /NXCOMPAT on the EXE matters.

vstinner · 2015-02-02T11:24:27Z

I reopen the issue, so the question of porting the change to Python 2.7 can be replied.

berkerpeksag · 2016-07-30T08:01:33Z

This has already been backported to 2.7 in bpo-24508.

tiran added OS-windows type-security A security issue labels Dec 7, 2012

tiran self-assigned this Oct 24, 2013

tiran closed this as completed Nov 20, 2013

vstinner reopened this Feb 2, 2015

tiran removed their assignment Jun 12, 2016

berkerpeksag closed this as completed Jul 30, 2016

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable DEP and ASLR #60836

Enable DEP and ASLR #60836

tiran commented Dec 7, 2012

tiran commented Dec 7, 2012

loewis mannequin commented Dec 7, 2012

ebfe mannequin commented Dec 9, 2012

tiran commented Dec 9, 2012

loewis mannequin commented Dec 10, 2012

vstinner commented Feb 25, 2013

vstinner commented Oct 24, 2013

tiran commented Oct 24, 2013

skrah mannequin commented Oct 24, 2013

tiran commented Nov 17, 2013

python-dev mannequin commented Nov 20, 2013

ricky mannequin commented Feb 2, 2015

vstinner commented Feb 2, 2015

berkerpeksag commented Jul 30, 2016

Enable DEP and ASLR #60836

Enable DEP and ASLR #60836

Comments

tiran commented Dec 7, 2012

tiran commented Dec 7, 2012

loewis mannequin commented Dec 7, 2012

ebfe mannequin commented Dec 9, 2012

tiran commented Dec 9, 2012

loewis mannequin commented Dec 10, 2012

vstinner commented Feb 25, 2013

vstinner commented Oct 24, 2013

tiran commented Oct 24, 2013

skrah mannequin commented Oct 24, 2013

tiran commented Nov 17, 2013

python-dev mannequin commented Nov 20, 2013

ricky mannequin commented Feb 2, 2015

vstinner commented Feb 2, 2015

berkerpeksag commented Jul 30, 2016