Exposing Trojan Source exploits in Emacs

Posted Nov 12, 2021 11:44 UTC (Fri) by dottedmag (subscriber, #18590)
Parent article: Exposing Trojan Source exploits in Emacs

> Zaretskii's point is that adding warnings to this kind of usage, which is not malicious, is a distraction that trains users to ignore the warnings wherever they appear.

I don't buy it. There are just a several files in the existence that use these characters legitimately, and these could just use a banner at the beginning: "review carefully, legitimate bidi characters inside".

Exposing Trojan Source exploits in Emacs

Posted Nov 13, 2021 18:12 UTC (Sat) by marcH (subscriber, #57642) [Link] (1 responses)

One size does not fit all, this is what this discussion seems to have missed.

I mean Emacs has many users that use bidi 0.0000001% of the time, only when opening some file in some language totally unknown to them. So for all these users there is simply no "too many false positives" risk at all. For all these users there should be a dead simple warning that highlights ALL direction changes. The default value for this setting could be based on the locale and of course easy to override and switch to one of the smarter approaches for those who need them.

Exposing Trojan Source exploits in Emacs

Posted Nov 14, 2021 10:06 UTC (Sun) by tzafrir (subscriber, #11501) [Link]

As someone who uses bidirectional text on a daily basis, I still wonder where there is any practical use for LRO and RLO. I guess that there is, but I am personally not aware of a use case for it.