Re: [Python-ideas] Executable space protection: NX bit,

Tue, 04 Sep 2018 06:55:52 -0700 

Hey Wes, the checksec() function in PEDA that you cited has a standalone
version as well:

https://github.com/slimm609/checksec.sh

Running this on my Python (installed from Ubuntu package):

$ checksec --output json -f /usr/bin/python3.6 | python3 -m json.tool
{
    "file": {
        "relro": "partial",
        "canary": "yes",
        "nx": "yes",
        "pie": "no",
        "rpath": "no",
        "runpath": "no",
        "fortify_source": "yes",
        "fortified": "17",
        "fortify-able": "41",
        "filename": "/usr/bin/python3.6"
    }
}

My Python has pretty typical security mitigations. Most of these features
are determined at compile time, so you can try compiling Python yourself
with different compiler flags and see what other configurations are
possible. Some mitigations hurt performance and others may be incompatible
with Python itself. If you search on bugs.python.org you'll find a few
different issues on these topics.

On Mon, Sep 3, 2018 at 3:01 AM Wes Turner <wes.tur...@gmail.com> wrote:

> Rationale
> =========
> - Separation of executable code and non-executable data is a good thing.
> - Additional security in Python is a good idea.
> - Python should support things like the NX bit to separate code and
> non-executable data.
>
> Discussion
> ==========
> How could Python implement support for the NX bit? (And/or additional
> modern security measures; as appropriate).
>
> What sort of an API would C extensions need?
>
> Would this be easier in PyPy or in CPython?
>
> - https://en.wikipedia.org/wiki/NX_bit
> - https://en.wikipedia.org/wiki/Executable_space_protection
>
> Here's one way to identify whether an executable supports NX:
> https://github.com/longld/peda/blob/e0eb0af4bcf3ee/peda.py#L2543
> _______________________________________________
> Python-ideas mailing list
> Python-ideas@python.org
> https://mail.python.org/mailman/listinfo/python-ideas
> Code of Conduct: http://python.org/psf/codeofconduct/
>

_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/

Reply via email to