The "Trojan Source" vulnerability
source link: https://lwn.net/Articles/874546/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
The "Trojan Source" vulnerability
(Log in to post comments)
The "Trojan Source" vulnerability
Posted Nov 1, 2021 15:22 UTC (Mon) by mattdm (subscriber, #18) [Link]
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:00 UTC (Mon) by dskoll (subscriber, #1630) [Link]
I opened the C examples in emacs. For the commenting-out.c, early-return.c, and invisible-function.c examples, the Emacs C syntax highlighter gave obviously-odd highlighting results. The homoglyph-function.c and stretched-string.c examples evaded the syntax highlighter.
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:41 UTC (Mon) by siddhesh (subscriber, #64914) [Link]
I opened the C examples in emacs. For the commenting-out.c, early-return.c, and invisible-function.c examples, the Emacs C syntax highlighter gave obviously-odd highlighting results. The homoglyph-function.c and stretched-string.c examples evaded the syntax highlighter.
Homoglyphs are hard to track, but for BIDI almost all editors I looked at gave it away in some way or another. At the very least the control characters affected syntax highlighting. In emacs one sees underscores at points where direction changes and even the cursor jumps around as you scroll. Vim does not render RLO/LRO and shows them as <202e>, etc.
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:00 UTC (Mon) by mchehab (subscriber, #41156) [Link]
Just checked at the Kernel (next-20211101). Nothing wrong there, but I guess it is time to send another series of patches in order to avoid UTF-8 symbols that are too close to ASCII chars (like MINUS SIGN, and dash symbols). Perhaps I should consider adding it to scripts/.
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:12 UTC (Mon) by linuxrocks123 (guest, #34648) [Link]
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:49 UTC (Mon) by siddhesh (subscriber, #64914) [Link]
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:43 UTC (Mon) by flussence (subscriber, #85566) [Link]
The "Trojan Source" vulnerability
Posted Nov 1, 2021 16:48 UTC (Mon) by bkw1a (subscriber, #4101) [Link]
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK