On Monday, September 3, 2018, Cameron Simpson <[email protected]> wrote:
> On 03Sep2018 20:58, Wes Turner <[email protected]> wrote: > >> So, if an application accepts user-supplied input (such as a JSON >> payload), >> is that data marked as non-executable? >> > > Unless you've hacked the JSON decoder (I think you can supply a custom > decoder for some things) all you're doing to get back is ints, strs, dicts > and lists. And floats. None of those is executable. Can another process or exploitable C extension JMP to that data or no? > > Cheers, > Cameron Simpson <[email protected]> > _______________________________________________ > Python-ideas mailing list > [email protected] > https://mail.python.org/mailman/listinfo/python-ideas > Code of Conduct: http://python.org/psf/codeofconduct/ >
_______________________________________________ Python-ideas mailing list [email protected] https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
