[issue32757] Python 2.7 : Buffer Overflow vulnerability in exec() function
Josh Rosenberg
report at bugs.python.org
Sat Feb 3 12:20:41 EST 2018
Josh Rosenberg <shadowranger+python at gmail.com> added the comment:
A server that exposes arbitrary exec's to user-submitted data can already be controlled. exec can do anything that Python can do, that's the whole point. Sure, crashing Python is bad, but it could also keep Python alive and start dumping the database to arbitrary people, deleting files, etc.
Also, your Proof of Concept code is cluttered with pointless garbage AFAICT. Do you really need all the unused multiline strings to trigger this?
----------
nosy: +josh.r
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32757>
_______________________________________
More information about the Python-bugs-list
mailing list