New submission from Christian Heimes: Python 3.3 doesn't use address space layout randomization [1] and data execution prevention [2] on Windows. ASLR and DEP make certain kinds of attacks harder. An attacker can't predict the address of functions or globals anymore and DEP helps against NOP sled attacks.
Python's test suite runs fine with DEP and ASLR on AMD64. I see a crash in test_capi and a couple of crashes in test_faulthandler but these don't seem to be related. [1] http://en.wikipedia.org/wiki/ASLR [2] http://en.wikipedia.org/wiki/Data_Execution_Prevention ---------- components: Windows files: depaslr.patch keywords: patch messages: 177077 nosy: christian.heimes priority: normal severity: normal stage: test needed status: open title: Enable DEP and ASLR type: security versions: Python 3.4 Added file: http://bugs.python.org/file28236/depaslr.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue16632> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
