This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2012年12月07日 10:23 by christian.heimes, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| depaslr.patch | christian.heimes, 2012年12月07日 10:23 | review | ||
| Messages (14) | |||
|---|---|---|---|
| msg177077 - (view) | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2012年12月07日 10:23 | |
Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks. Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related. [1] http://en.wikipedia.org/wiki/ASLR [2] http://en.wikipedia.org/wiki/Data_Execution_Prevention |
|||
| msg177084 - (view) | Author: Martin v. Löwis (loewis) * (Python committer) | Date: 2012年12月07日 12:56 | |
I'm +0. There is a risk that this may break 3rd-party extension modules. |
|||
| msg177216 - (view) | Author: Lukas Lueg (ebfe) | Date: 2012年12月09日 13:34 | |
Only way to be sure: Enable & announce for 3.5 and wait for bug reports |
|||
| msg177217 - (view) | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2012年12月09日 13:45 | |
DEP isn't much of an issue. It's automatically disabled for the entire process when one library w/o DEP is loaded. |
|||
| msg177290 - (view) | Author: Martin v. Löwis (loewis) * (Python committer) | Date: 2012年12月10日 13:38 | |
I don't think much caution is needed. If problems don't show up in the beta releases, we can still revert the change for 3.4.1. Christian, please go ahead and check this in. |
|||
| msg182970 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2013年02月25日 18:29 | |
> I see a crash in test_capi and a couple of crashes > in test_faulthandler but these don't seem to be related. Which kind of crash? faulthandler has functions to make Python crash, crashes are expected :-) |
|||
| msg201122 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2013年10月24日 12:56 | |
@Crys: ping? |
|||
| msg201123 - (view) | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2013年10月24日 12:58 | |
I'll look in this next time my Windows VM is running. |
|||
| msg201145 - (view) | Author: Stefan Krah (skrah) * (Python committer) | Date: 2013年10月24日 15:00 | |
> I see a crash in test_capi and a couple of crashes > in test_faulthandler but these don't seem to be related. Perhaps the same as #9116. |
|||
| msg203185 - (view) | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2013年11月17日 14:45 | |
I no longer see the crashs. |
|||
| msg203504 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2013年11月20日 16:43 | |
New changeset cb1691d42101 by Christian Heimes in branch 'default': Issue #16632: Enable DEP and ASLR on Windows. http://hg.python.org/cpython/rev/cb1691d42101 |
|||
| msg235218 - (view) | Author: Ricky Zhou (ricky) | Date: 2015年02月02日 02:15 | |
Sorry to revive this old bug, but would it be possible to get ASLR/DEP for windows on the 2.7 branch as well? Also, re Christian's comment about DEP being disabled if a single libray doesn't support it - are you sure that's the case? I'm very new to windows stuff, but the only information about this I saw online was http://0xdabbad00.com/2012/12/07/dep-data-execution-prevention-explanation/, which says that only /NXCOMPAT on the EXE matters. |
|||
| msg235241 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2015年02月02日 11:24 | |
I reopen the issue, so the question of porting the change to Python 2.7 can be replied. |
|||
| msg271669 - (view) | Author: Berker Peksag (berker.peksag) * (Python committer) | Date: 2016年07月30日 08:01 | |
This has already been backported to 2.7 in issue 24508. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:39 | admin | set | github: 60836 |
| 2016年07月30日 08:01:32 | berker.peksag | set | status: open -> closed nosy: + berker.peksag messages: + msg271669 resolution: fixed |
| 2016年06月12日 11:25:02 | christian.heimes | set | assignee: christian.heimes -> |
| 2015年02月02日 11:24:26 | vstinner | set | status: closed -> open nosy: + steve.dower messages: + msg235241 resolution: fixed -> (no value) |
| 2015年02月02日 02:15:18 | ricky | set | nosy:
+ ricky messages: + msg235218 |
| 2013年11月20日 16:44:21 | christian.heimes | set | status: open -> closed resolution: fixed stage: commit review -> resolved |
| 2013年11月20日 16:43:32 | python-dev | set | nosy:
+ python-dev messages: + msg203504 |
| 2013年11月17日 14:45:24 | christian.heimes | set | messages: + msg203185 |
| 2013年10月24日 15:00:08 | skrah | set | nosy:
+ skrah messages: + msg201145 |
| 2013年10月24日 12:58:00 | christian.heimes | set | assignee: christian.heimes messages: + msg201123 |
| 2013年10月24日 12:56:43 | vstinner | set | messages: + msg201122 |
| 2013年10月24日 12:45:21 | tim.golden | set | nosy:
- tim.golden |
| 2013年02月25日 18:31:11 | ebfe | set | nosy:
- ebfe |
| 2013年02月25日 18:29:53 | vstinner | set | nosy:
+ vstinner messages: + msg182970 |
| 2013年02月23日 21:37:21 | devin | set | nosy:
+ devin |
| 2012年12月10日 13:38:38 | loewis | set | messages:
+ msg177290 stage: test needed -> commit review |
| 2012年12月10日 13:05:32 | jcea | set | nosy:
+ jcea |
| 2012年12月09日 13:45:23 | christian.heimes | set | messages: + msg177217 |
| 2012年12月09日 13:34:58 | ebfe | set | nosy:
+ ebfe messages: + msg177216 |
| 2012年12月08日 19:23:52 | pitrou | set | nosy:
+ tim.golden, brian.curtin |
| 2012年12月07日 12:56:53 | loewis | set | nosy:
+ loewis messages: + msg177084 |
| 2012年12月07日 10:23:01 | christian.heimes | create | |