bnbdr comments

Results 4 comments of


                                            bnbdr

Compiled rules can execute malicious code regardless of PARANOID_EXEC

> using `OP_COUNT` to read the objects canary Yes. My PoC uses a fake function object and then executes code using `OP_CALL`. > more detailed explanation of your exploit would...

Compiled rules can execute malicious code regardless of PARANOID_EXEC

@plusvic the write-up is here: https://bnbdr.github.io/posts/extracheese/ the PoC is here: https://github.com/bnbdr/swisscheese

Compiled rules can execute malicious code regardless of PARANOID_EXEC

Thanks. >...from the the uninitialized vmem that are return addresses left in the stack, and they can be used for determining the base address where the library was loaded Yeah,...

bug: overrides property only honored when running install the first time

This reproduced for me on `9.6.6`, but works as expected when specifying the override 'globally': ```json { "name": "test", "version": "1.0.0", "dependencies": { "json-server": "0.17.0" }, "overrides": { "package-json": "7.0.0"...