Navigation
Search
|
Malcolm: Prevent Trojan Source attacks with GCC 12
Wednesday January 12, 2022. 04:30 PM , from LWN.net
David Malcolm describes
some GCC improvements to defend against bidirectional-text attacks in source code. My colleague Marek Polacek and I implemented a new warning for GCC 12, -Wbidi-chars, for detecting Trojan Source attacks involving Unicode control characters. Marek implemented the guts of the warning, but when I tried it out on the examples provided by the Trojan Source researchers, I found I had trouble understanding the initial results—precisely because of the obfuscation itself. So for GCC 12, I've added a new flag to GCC diagnostics, indicating that the diagnostic itself relates to source code encoding. When any such diagnostic is printed, GCC will now escape non-ASCII characters in the source code.
https://lwn.net/Articles/881145/rss
|
25 sources
Current Date
Apr, Fri 19 - 07:34 CEST
|