[New-bugs-announce] [issue16632] Enable DEP and ASLR
Christian Heimes
report at bugs.python.org
Fri Dec 7 11:23:01 CET 2012
New submission from Christian Heimes:
Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks.
Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related.
[1] http://en.wikipedia.org/wiki/ASLR
[2] http://en.wikipedia.org/wiki/Data_Execution_Prevention
----------
components: Windows
files: depaslr.patch
keywords: patch
messages: 177077
nosy: christian.heimes
priority: normal
severity: normal
stage: test needed
status: open
title: Enable DEP and ASLR
type: security
versions: Python 3.4
Added file: http://bugs.python.org/file28236/depaslr.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16632>
_______________________________________
More information about the New-bugs-announce
mailing list