
Malcolm: Prevent Trojan Source attacks with GCC 12


Posted Jan 13, 2022 1:07 UTC (Thu) by andresfreund (subscriber, #69562)
In reply to: Malcolm: Prevent Trojan Source attacks with GCC 12 by JoeBuck
Parent article: Malcolm: Prevent Trojan Source attacks with GCC 12

> Ideally GCC should warn against dangerous and suspect uses without discriminating against people who want to write comments or have strings in their native language.

Seems some attempts at that have been made?

From the post:

> We call a tokenization boundary such as a comment or string literal a bidirectional context in the warning because the obfuscation happens when there are differences between the structure as seen by the C tokenizer of the logical ordering of the characters on the one hand and the structure perceived by a human reader of the visual ordering of the code as implemented by the Unicode bidirectional algorithm on the other.

> The default is -Wbidi-chars=unpaired, in which the warning complains about unpaired characters within such a bidirectional context. A stronger form of the warning is -Wbidi-chars=any, in which the warning complains about any bidirectional control characters in the source code:



Posted Jan 13, 2022 2:31 UTC (Thu) by NYKevin (subscriber, #129325)

Unless I am misunderstanding something, that sounds entirely correct to me: The default behavior should be to allow legitimate uses of bidi characters, and there's also a stricter option for people who want to code entirely in LTR and only write RTL characters with \u escapes, localization files, and such (or the reverse, for that matter - most punctuation characters are bidi-neutral, and you can even use preprocessor directives to "hide" all of the LTR English keywords like int behind an RTL macro, so that you can write mostly or entirely RTL C if you really want to).
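
The difference between the two modes quoted above, as an added example that is not part of the original comments and is not GCC's code: a simplified Python scanner that treats each source line as one bidirectional context (an assumption; GCC checks per comment, string literal and identifier). The names `scan_line` and `scan_source` and the sample text are constructed for illustration.

```python
# Added illustration: a simplified scanner, not GCC's implementation.
# Assumption: each source line is one "bidirectional context"; GCC itself
# checks per comment, string literal and identifier.
EMBED_OPEN = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO
ISOLATE_OPEN = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                          # closing characters
MARKS = {"\u200e", "\u200f"}                           # LRM, RLM
ALL_BIDI = EMBED_OPEN | ISOLATE_OPEN | MARKS | {PDF, PDI}


def scan_line(line, mode="unpaired"):
    """Return (column, codepoint, reason) findings for one line."""
    findings, stack = [], []
    for col, ch in enumerate(line, 1):
        if ch not in ALL_BIDI:
            continue
        if mode == "any":
            findings.append((col, f"U+{ord(ch):04X}", "bidi control character"))
        elif ch in EMBED_OPEN or ch in ISOLATE_OPEN:
            stack.append((col, ch))
        elif ch == PDF and stack and stack[-1][1] in EMBED_OPEN:
            stack.pop()  # PDF closes the innermost embedding or override
        elif ch == PDI:
            # PDI closes the innermost isolate and anything opened inside it.
            opens = [i for i, (_, o) in enumerate(stack) if o in ISOLATE_OPEN]
            if opens:
                del stack[opens[-1]:]
    # Whatever is still open at end of line was never terminated.
    findings += [(c, f"U+{ord(ch):04X}", "not terminated") for c, ch in stack]
    return findings


def scan_source(text, mode="unpaired"):
    """Return (line, column, codepoint, reason) for every finding in text."""
    return [(n, *f) for n, line in enumerate(text.splitlines(), 1)
            for f in scan_line(line, mode)]


# Constructed sample. The Python \u escapes put the raw characters into the
# string, standing in for a C file that contains them literally.
SAMPLE = (
    "/* \u05e9\u05dc\u05d5\u05dd: greeting shown at login */\n"  # Hebrew text, no controls
    "const char *label = \"\u2067\u05e9\u05dc\u05d5\u05dd\u2069 user\";\n"  # RLI ... PDI, paired
    "/* check \u202e admin only */\n"  # RLO that is never closed
)

if __name__ == "__main__":
    for mode in ("unpaired", "any"):
        print(mode, scan_source(SAMPLE, mode))
```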

