From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: <tomas@tuxteam.de>
Newsgroups: gmane.emacs.devel
Subject: Re: Unicode confusables and reordering characters considered harmful
Date: Tue, 2 Nov 2021 14:42:52 +0100
Message-ID: <20211102134252.GB16666@tuxteam.de>
References: <YYE1sEv6yS1bBUcu@odonien.localdomain>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="IiVenqGWf+H9Y6IX"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="33270"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: emacs-devel@gnu.org
To: Vasilij Schneidermann <mail@vasilij.de>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Nov 02 15:05:09 2021
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1mhuPU-0008NW-Oy
	for ged-emacs-devel@m.gmane-mx.org; Tue, 02 Nov 2021 15:05:08 +0100
Original-Received: from localhost ([::1]:36418 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1mhuPT-0000tA-OU
	for ged-emacs-devel@m.gmane-mx.org; Tue, 02 Nov 2021 10:05:07 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:33760)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tomas@tuxteam.de>) id 1mhu46-0007UC-Ho
 for emacs-devel@gnu.org; Tue, 02 Nov 2021 09:43:02 -0400
Original-Received: from mail.tuxteam.de ([5.199.139.25]:46965)
 by eggs.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
 (Exim 4.90_1) (envelope-from <tomas@tuxteam.de>) id 1mhu43-0005wy-EO
 for emacs-devel@gnu.org; Tue, 02 Nov 2021 09:43:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tuxteam.de;
 s=mail; 
 h=From:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:Date;
 bh=Xsw2jk3oqDL2qlYtUPi1RxTWu1KNmJ+YADYknTquvWw=; 
 b=lQ4aXrQ9hP+XmN4vTW/1op8Sr5RX5W1mpf5sPdAQN3Rac1B9N+Ru+xxmTLyYaSil09bRSgFf2SqXx0y0yvxs4FcyFhWLYxTG7FWYNXSO5lb0bqWF162zIcH+8SBl6dBJwXQWKjldJMnLXmq8jNXLuG3yvaDgr5rWD0IVq/yBdKXTW9gL6VgLax/EnB6E1MUjcy1FSvJPEf4ZhiXFTdGdpvo8bU4XbCgkpnij5cGo0hJEGGX60jw8hz0ztdRDyHUW/yQnZnAk2Ii+6lTyyXdouwtTjyHzvfK7xHR4iArBx6ze7V2p5LJf19ZCKRwcw0JVu+4zAHENqVt85Zm1SS9YPw==;
Original-Received: from tomas by mail.tuxteam.de with local (Exim 4.80)
 (envelope-from <tomas@tuxteam.de>)
 id 1mhu3w-0005Xb-M6; Tue, 02 Nov 2021 14:42:52 +0100
Content-Disposition: inline
In-Reply-To: <YYE1sEv6yS1bBUcu@odonien.localdomain>
Received-SPF: pass client-ip=5.199.139.25; envelope-from=tomas@tuxteam.de;
 helo=mail.tuxteam.de
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:278476
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/278476>


--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

On Tue, Nov 02, 2021 at 01:57:20PM +0100, Vasilij Schneidermann wrote:
> There's a paper going around that demonstrates how two Unicode features
> can be used to trick source code auditors into misinterpreting program
> logic.

"Trojan source", yes. A discussion was started already at help-gnu-emacs,
Message-ID: <CANc-5Uy_au4VV2AGWO1pYHZHVTfHFqCmig06GdN5CfHfrBu1tA@mail.gmail.com>

Cheers
 - t

--IiVenqGWf+H9Y6IX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAmGBQFwACgkQBcgs9XrR2kZrhgCdEGuL3YO+FCZe2SG9EBxEEr+3
56kAni9DXGpAoRwKIGYNtdu4EleMx80Q
=Nrdo
-----END PGP SIGNATURE-----

--IiVenqGWf+H9Y6IX--