• OT: 'Trojan Source' bug a novel way to attack program encodings (Unicod

    From Gary Scott@21:1/5 to All on Wed Nov 3 10:06:19 2021
    'Trojan Source' bug a novel way to attack program encodings: https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jos Bergervoet@21:1/5 to Gary Scott on Thu Nov 11 09:30:42 2021
    On 21/11/03 4:06 PM, Gary Scott wrote:
    > 'Trojan Source' bug a novel way to attack program encodings: https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

    If "virtually all of the most popular programming languages" allow
    this Unicode trick, as we read, can we conclude then that Fortran
    is "virtually the only safe programming language"?!

    Saved by backward compatibility with punch cards, of course! :-)

    --
    Jos

  • From Arjen Markus@21:1/5 to Jos Bergervoet on Thu Nov 11 02:41:01 2021
    On Thursday, November 11, 2021 at 9:32:04 AM UTC+1, Jos Bergervoet wrote:
    > On 21/11/03 4:06 PM, Gary Scott wrote:
    >> 'Trojan Source' bug a novel way to attack program encodings: https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html
    > If "virtually all of the most popular programming languages" allow
    > this Unicode trick, as we read, can we conclude then that Fortran
    > is "virtually the only safe programming language"?!
    >
    > Saved by backward compatibility with punch cards, of course! :-)
    >
    > --
    > Jos

    My venerable text editor (which I prefer over the built-in editor in Visual Studio) has no knowledge of UNICODE and will therefore bluntly show BOM markers and other things that are not ordinary ASCII. Even tabs show up as a fat black dot. It has a predecessor that I know from the old days when we used an IBM minicomputer ... Sometimes it is not all that bad not to use the latest and greatest technology.

    That said, the article is either sloppy in showing the raw text and the UNICODE-conforming processed text or I do not quite understand how these Bidi fragments work. I strongly suspect the latter.

    Regards,

    Arjen
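
An added example, not written by any poster in this thread: a Python version of the check that an ASCII-only editor like the one described above performs implicitly, making Bidi control characters, BOMs and tabs visible and flagging lines where a directional embedding, override or isolate is left open. The names `reveal`, `scan` and `SAMPLE` and the sample lines are constructed for illustration.

```python
# Explicit directional formatting characters defined by Unicode (UAX #9).
BIDI = {
    0x202A: "LRE", 0x202B: "RLE", 0x202C: "PDF", 0x202D: "LRO", 0x202E: "RLO",
    0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI",
    0x200E: "LRM", 0x200F: "RLM", 0x061C: "ALM",
}
OPENERS = {"LRE", "RLE", "LRO", "RLO", "LRI", "RLI", "FSI"}


def reveal(line):
    """Show a line as an ASCII-only editor would: nothing stays invisible."""
    out = []
    for ch in line:
        cp = ord(ch)
        if cp in BIDI:
            out.append(f"<{BIDI[cp]}>")
        elif ch == "\t":
            out.append("<TAB>")
        elif 0x20 <= cp < 0x7F:
            out.append(ch)
        else:
            out.append(f"<U+{cp:04X}>")
    return "".join(out)


def scan(text):
    """Return one finding per line that contains a Bidi control character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        hits = [(col, BIDI[ord(ch)]) for col, ch in enumerate(line, 1) if ord(ch) in BIDI]
        if hits:
            # Heuristic: more openers than closers means the effect runs to end of line.
            opened = sum(n in OPENERS for _, n in hits)
            closed = sum(n in ("PDF", "PDI") for _, n in hits)
            findings.append({"line": lineno, "hits": hits,
                             "unterminated": opened > closed, "shown": reveal(line)})
    return findings


# Constructed sample: a BOM, a tab, one closed override, one isolate left open.
SAMPLE = (
    "\ufeffprogram demo\n"
    "\tprint *, 'plain'\n"
    "! label \u202eabc\u202c ok\n"
    "x = 1 ! \u2067 trailing\n"
    "end program demo\n"
)

if __name__ == "__main__":
    print(*(f"{f['line']}: {f['shown']}" for f in scan(SAMPLE)), sep="\n")
```
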

  • From gah4@21:1/5 to Gary Scott on Thu Nov 11 10:55:33 2021
    On Wednesday, November 3, 2021 at 8:06:22 AM UTC-7, Gary Scott wrote:
    > 'Trojan Source' bug a novel way to attack program encodings: https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html

    There was once a story, though I don't know if it was ever implemented,
    about a trojan C compiler. The compiler would compile its own source
    code, and add in the trojan during compilation. You could look at the source all you wanted, and would never see it, but it would end up in the compiler anyway.

  • From Thomas Koenig@21:1/5 to gah4@u.washington.edu on Thu Nov 11 19:41:31 2021
    gah4 <gah4@u.washington.edu> wrote:
    > On Wednesday, November 3, 2021 at 8:06:22 AM UTC-7, Gary Scott wrote:
    >> 'Trojan Source' bug a novel way to attack program encodings:
    >> https://techxplore.com/news/2021-11-trojan-source-bug-encodings.html
    >
    > There was once a story, though I don't know if it was ever implemented,
    > about a trojan C compiler. The compiler would compile its own source
    > code, and add in the trojan during compilation. You could look at the source all you wanted, and would never see it, but it would end up in the compiler anyway.

    Google "Reflections on Trusting Trust", the Turing award lecture
    by Ken Thompson of UNIX fame.
