
OT: 'Trojan Source' bug a novel way to attack program encodings (Unicode)


Gary Scott

Nov 3, 2021, 11:06:22 AM
'Trojan Source' bug a novel way to attack program encodings:
https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

Jos Bergervoet

Nov 11, 2021, 3:32:04 AM
On 21/11/03 4:06 PM, Gary Scott wrote:
> 'Trojan Source' bug a novel way to attack program encodings:
> https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

If "virtually all of the most popular programming languages" allow
this Unicode trick, as we read, can we conclude then that Fortran
is "virtually the only safe programming language"?!

Saved by backward compatibility with punch cards, of course! :-)

--
Jos

Arjen Markus

Nov 11, 2021, 5:41:02 AM
My venerable text editor (which I prefer over the built-in editor in Visual Studio) has no knowledge of UNICODE and will therefore bluntly show BOM markers and other things that are not ordinary ASCII. Even tabs show up as a fat black dot. It has a predecessor that I know from the old days when we used an IBM minicomputer ... Sometimes it is not all that bad not to use the latest and greatest technology.

That said, the article is either sloppy in showing the raw text and the UNICODE-conforming processed text or I do not quite understand how these Bidi fragments work. I strongly suspect the latter.

Regards,

Arjen
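
Added example, not part of the thread or of the linked article: a Python sketch of what a Unicode-unaware editor does implicitly, namely showing every bidirectional control character in a source file instead of acting on it. The function names, the `<NAME>` rendering and the Fortran sample are constructed for illustration; the nine code points are the standard Unicode bidi embedding, override and isolate controls.

```python
# Unicode bidirectional controls: embeddings, overrides, isolates and their terminators.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
OPENERS = {"LRE", "RLE", "LRO", "RLO", "LRI", "RLI", "FSI"}


def reveal(line):
    """Render a line with every bidi control and other non-ASCII character made visible."""
    out = []
    for ch in line:
        if ch in BIDI_CONTROLS:
            out.append("<" + BIDI_CONTROLS[ch] + ">")
        elif ord(ch) > 0x7E or (ord(ch) < 0x20 and ch != "\t"):
            out.append("<U+%04X>" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def scan(text):
    """Return (line_no, control_names, unbalanced, revealed_line) for each line holding bidi controls."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        names = [BIDI_CONTROLS[c] for c in line if c in BIDI_CONTROLS]
        if not names:
            continue
        # Openers without a matching PDF/PDI on the same line are the pattern worth rejecting in review.
        depth = sum(1 if n in OPENERS else -1 for n in names)
        findings.append((no, names, depth != 0, reveal(line)))
    return findings


# Constructed sample: a Fortran fragment whose comment carries RLO, LRI and PDI controls.
SAMPLE = (
    "program demo\n"
    "  logical :: is_admin = .false.\n"
    "  ! check \u202e\u2066 access level\u2069\n"
    "  print *, is_admin\n"
    "end program demo\n"
)

if __name__ == "__main__":
    for no, names, unbalanced, shown in scan(SAMPLE):
        print(no, names, "unterminated" if unbalanced else "balanced", shown)
```

Run over a source tree in a pre-commit hook or CI step, a non-empty result from `scan` is a reason to fail the check and look at the revealed line.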

gah4

Nov 11, 2021, 1:55:35 PM
On Wednesday, November 3, 2021 at 8:06:22 AM UTC-7, Gary Scott wrote:
> 'Trojan Source' bug a novel way to attack program encodings:
> https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

There was once a story, though I don't know if it was ever implemented,
about a trojan C compiler. The compiler would compile its own source
code, and add in the trojan during compilation. You could look at the source
all you wanted, and would never see it, but it would end up in the compiler
anyway.

Thomas Koenig

Nov 11, 2021, 2:41:34 PM
gah4 <ga...@u.washington.edu> wrote:
Google "Reflections on Trusting Trust", the Turing award lecture
by Ken Thompson of UNIX fame.