On 03Sep2018 22:32, Wes Turner <wes.tur...@gmail.com> wrote:
> On Monday, September 3, 2018, Cameron Simpson <c...@cskk.id.au> wrote:
>> On 03Sep2018 20:58, Wes Turner <wes.tur...@gmail.com> wrote:
>>> So, if an application accepts user-supplied input (such as a JSON payload),
>>> is that data marked as non-executable?
>>
>> Unless you've hacked the JSON decoder (I think you can supply a custom
>> decoder for some things) all you're going to get back is ints, strs, dicts
>> and lists.  And floats. None of those is executable.
>
> Can another process or exploitable C extension JMP to that data or no?

See Stephan Houben's reply to your post: heap and stack on modern OSes are normally NX mode already, and CPython objects live on the stack. So in that circumstance, no.

Cheers,
Cameron Simpson <c...@cskk.id.au>
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
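
The distinction drawn in the thread between the stock JSON decoder and a custom one, as an added example that is not part of the original messages: it walks a decoded payload and reports every type it contains, then repeats the decode with an `object_hook`. The payload, the `Record` class and the helper names are constructed for illustration.

```python
import json

# Exact types the stock json decoder can hand back (bool and None included).
PLAIN_TYPES = {dict, list, str, int, float, bool, type(None)}

# Constructed sample input: note the string that merely *looks* like code.
PAYLOAD = ('{"user": "alice", "code": "print(\'hi\')", "n": 3, '
           '"ratio": 0.5, "tags": ["a", "b"], "ok": true, "next": null}')


class Record:
    """Hypothetical application class used as a custom object_hook."""

    def __init__(self, fields):
        self.fields = fields


def decoded_types(value, seen=None):
    """Recursively collect the exact type of every node in a decoded value."""
    seen = set() if seen is None else seen
    seen.add(type(value))
    if isinstance(value, dict):
        for key, item in value.items():
            decoded_types(key, seen)
            decoded_types(item, seen)
    elif isinstance(value, list):
        for item in value:
            decoded_types(item, seen)
    return seen


def is_plain_data(value):
    """True only if every node is one of the stock decoder's plain types."""
    return decoded_types(value) <= PLAIN_TYPES


if __name__ == "__main__":
    stock = json.loads(PAYLOAD)
    hooked = json.loads(PAYLOAD, object_hook=Record)
    print(sorted(t.__name__ for t in decoded_types(stock)))
    print("stock decoder plain:", is_plain_data(stock))
    print("custom hook plain:", is_plain_data(hooked))
```

With the default decoder the `"code"` value stays an inert `str`; once a hook is supplied, what comes back is whatever the application's hook constructs, so that hook is the code to review.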
