Thanks to visit codestin.com
Credit goes to github.com

Skip to content

ENH: Windows console executable f2py.exe missing ASLR #29207

New issue
New issue
Closed as not planned
Closed as not planned
ENH: Windows console executable f2py.exe missing ASLR#29207
Labels
53 - Invalid
@mmansano-cvlt

Description

@mmansano-cvlt
mmansano-cvlt
opened on Jun 13, 2025

Proposed new feature or change:

Summary

Windows console executables shipped by NumPy (f2py.exe) are built without the /DYNAMICBASE linker flag, meaning ASLR is disabled.

Why It Matters

ASLR is a standard security mitigation on Windows—executable files without it are easier targets for memory-based exploits. Given that NumPy is widely deployed, enabling ASLR is recommended for all Windows release artifacts.

How to Check

  1. Download a Windows executable (f2py.exe).
  2. Run dumpbin /headers <exe> and inspect the DLL characteristics for /DYNAMIC_BASE.
  3. Note that the flag is currently missing.

Suggested Fix

  • Pass /DYNAMICBASE to the linker via extra_link_args or appropriate distutils/setuptools configuration.
  • Modify Windows launcher scripts or use compiled entry-point stubs that include ASLR.
  • Validate via CI that ASLR is present on release binaries.

Affected files

  • numpy: f2py.exe

Context

Security hardening best practices recommend PIE or dynamic base for all Windows executables.

Metadata

Metadata

Assignees

No one assigned

    Labels

    53 - Invalid

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions