[Python-ideas] Executable space protection: NX bit,
Cameron Simpson
cs at cskk.id.au
Mon Sep 3 23:26:48 EDT 2018
On 03Sep2018 22:32, Wes Turner <wes.turner at gmail.com> wrote:
>On Monday, September 3, 2018, Cameron Simpson <cs at cskk.id.au> wrote:
>> On 03Sep2018 20:58, Wes Turner <wes.turner at gmail.com> wrote:
>>> So, if an application accepts user-supplied input (such as a JSON
>>> payload),
>>> is that data marked as non-executable?
>>
>> Unless you've hacked the JSON decoder (I think you can supply a custom
>> decoder for some things) all you're doing to get back is ints, strs, dicts
>> and lists. And floats. None of those is executable.
>
>Can another process or exploitable C extension JMP to that data or no?
See Stephan Houben's reply to your post: heap and stack on modern OSes are
normally NX mode already, and CPython objects live on the stack. So in that
circumstance, no.
Cheers,
Cameron Simpson <cs at cskk.id.au>
More information about the Python-ideas
mailing list