From: | Clément Pit-Claudel |
Subject: | Re: Unicode confusables and reordering characters considered harmful |
Date: | Tue, 2 Nov 2021 10:43:04 -0400 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 |
On 11/2/21 8:57 AM, Vasilij Schneidermann wrote:
> There's a paper going around that demonstrates how two Unicode features
> can be used to trick source code auditors into misinterpreting program
> logic. The authors have suggested that language specifications should be
> amended, implementations should warn or raise errors and editor tooling
> should display visual warnings. Both issues are tracked as
> CVE-2021-42574 and CVE-2021-42694.

There is a good summary of the issue and relevant mitigations at https://research.swtch.com/trojan (it argues against compiler fixes and in favor of IDE enhancements.)