OT: 'Trojan Source' bug a novel way to attack program encodings (Unicode)

87 views
Skip to first unread message

Gary Scott

unread,
Nov 3, 2021, 11:06:22 AM11/3/21
to
'Trojan Source' bug a novel way to attack program encodings:
https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

Jos Bergervoet

unread,
Nov 11, 2021, 3:32:04 AM11/11/21
to
On 21/11/03 4:06 PM, Gary Scott wrote:
> 'Trojan Source' bug a novel way to attack program encodings:
> https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

If "virtually all of the most popular programming languages" allow
this Unicode trick, as we read, can we conclude then that Fortran
is "virtually the only safe programming language"?!

Saved by backward compatibility with punch cards, of course! :-)

--
Jos

Arjen Markus

unread,
Nov 11, 2021, 5:41:02 AM11/11/21
to
my venerable text editor (which I prefer over the built-in editor in Visual Studio) has no knowledge of UNICODE and will therefore bluntly show BOM markers and other things that are not ordinary ASCII. Even tabs show up as a fat black dot. It has a predecessor that I know from the old days when we used an IBM minicomputer ... Sometimes it is not all that bad not to use the latest and greatest technology.

That said, the article is either sloppy in showing the raw text and the UNICODE-conforming processed text or I do not quit understand how these Bidi fragments work. I strongly suspect the latter.

Regards,

Arjen

gah4

unread,
Nov 11, 2021, 1:55:35 PM11/11/21
to
On Wednesday, November 3, 2021 at 8:06:22 AM UTC-7, Gary Scott wrote:
> 'Trojan Source' bug a novel way to attack program encodings:
> https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

There was once a story, though I don't know if it was ever implemented,
about a trojan C compiler. The compiler would compile its own source
code, and add in the trojan during compilation. You could look at the source
all you wanted, and would never see it, but it would end up in the compiler
anyway.

Thomas Koenig

unread,
Nov 11, 2021, 2:41:34 PM11/11/21
to
gah4 <ga...@u.washington.edu> schrieb:
Google "Reflections on Trusting Trust", the Turing award lecture
by Ken Thompson of UNIX fame.
Reply all
Reply to author
Forward
0 new messages