Malcolm: Prevent Trojan Source attacks with GCC 12
Posted Jan 13, 2022 18:53 UTC (Thu) by kreijack (guest, #43513)
In reply to: Malcolm: Prevent Trojan Source attacks with GCC 12 by mathstuf
Parent article: Malcolm: Prevent Trojan Source attacks with GCC 12
This topic was already deeply discussed in the first article about this "Trojan". Anyway, there are other cases where non-ASCII code must be allowed, like
- in comments
- in strings
My opinion is that for identifiers (like names of functions, classes or variables) it is acceptable to allow an ASCII-only character set. However, most people don't agree.
Finally, I have to point out that the problem described here is not due to allowing "non-ASCII" characters, but due to
- allowing the bidirectional Unicode control characters
- allowing the homoglyphs
Both the characters above are a SMALL subset of the full Unicode set.
And last but not least, take a look at https://en.wikipedia.org/wiki/IDN_homograph_attack#Homogr... , which describes that the problem may happen even using the ASCII subset.
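An added example, not part of the comment above and not GCC's own check: a small Python scanner that applies the distinction drawn in that comment. It reports bidirectional control characters wherever they occur, allows other non-ASCII text inside comments and string literals, and flags non-ASCII or mixed-script identifiers. The names `scan` and `script_of`, the simplified C-like tokenizer, the name-based script heuristic and the sample source are all assumptions made for illustration.

```python
import re
import unicodedata

# Explicit bidi formatting characters: LRE RLE PDF LRO RLO, LRI RLI FSI PDI.
BIDI_CONTROLS = {chr(c) for c in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))}

# Comments and string/char literals of a C-like language (simplified
# assumption: no raw strings, no backslash-continued lines).
SKIP = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
IDENT = re.compile(r"[^\W\d]\w*")

def script_of(ch):
    """Rough script of a letter: first word of its Unicode name (heuristic)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def scan(source):
    """Return sorted (line, kind, detail) findings for one source text."""
    findings = []
    # Bidi controls are reported everywhere, comments and strings included.
    for lineno, line in enumerate(source.split("\n"), 1):
        findings += [(lineno, "bidi-control", f"U+{ord(ch):04X}")
                     for ch in line if ch in BIDI_CONTROLS]
    # Blank out comments and literals (keeping newlines) so that ordinary
    # non-ASCII text there is allowed, then inspect identifiers only.
    code = SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    for lineno, line in enumerate(code.split("\n"), 1):
        for name in IDENT.findall(line):
            if name.isascii():
                continue
            scripts = {script_of(c) for c in name if c.isalpha()}
            kind = ("mixed-script-identifier" if len(scripts) > 1
                    else "non-ascii-identifier")
            findings.append((lineno, kind, name))
    return sorted(findings)

# Constructed sample: accented text in a string and a comment (allowed), a
# Cyrillic U+0430 inside a Latin identifier, and U+202E inside a comment.
SAMPLE = (
    'int main(void) {\n'
    '    const char *greeting = "h\u00e9llo";  /* caf\u00e9 */\n'
    '    int is_\u0430dmin = 0;  // looks like is_admin\n'
    '    /* note \u202e reversed */\n'
    '    return 0;\n'
    '}\n'
)

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Mixed-script detection only catches homoglyphs borrowed from another script; look-alikes within ASCII, which the comment's last point refers to, are outside what this check can see.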
Posted Jan 14, 2022 14:18 UTC (Fri) by wtarreau (subscriber, #51152)
Yep! For the record, when I was a student, I once had fun remapping another person's keyboard so that pressing the digit "0" (zero) would instead send letter "O". That person was typing JTAG sequences with hundreds of 1/0 bits in strings and never understood why there were these strange errors (due to the tool in place having very cryptic messages).
Posted Jan 14, 2022 16:51 UTC (Fri) by mathstuf (subscriber, #69389)
Posted Jan 17, 2022 13:14 UTC (Mon) by wtarreau (subscriber, #51152)