From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: Unicode confusables and reordering characters considered harmful Date: Wed, 03 Nov 2021 15:46:35 +0200 Message-ID: <834k8tic78.fsf@gnu.org> References: <875ytag0hb.fsf@yahoo.com> <87zgqmd5np.fsf@mat.ucm.es> <83wnlqk3rn.fsf@gnu.org> <72dd5c2a-42c7-b12e-05ed-e93adbd89727@gmail.com> <83ilxajyhw.fsf@gnu.org> <83fssejxf8.fsf@gnu.org> <835ytajsv2.fsf@gnu.org> <11d5fecb44af1d388b7f@heytings.org> <11d5fecb449846dc0851@heytings.org> <11d5fecb443892de13b1@heytings.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="18790"; mail-complaints-to="usenet@ciao.gmane.io" Cc: gregory@heytings.org, stefan@marxist.se, cpitclaudel@gmail.com, emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Nov 03 14:47:46 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1miGcD-0004fv-NB for ged-emacs-devel@m.gmane-mx.org; Wed, 03 Nov 2021 14:47:45 +0100 Original-Received: from localhost ([::1]:53902 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1miGcC-0008Qt-L4 for ged-emacs-devel@m.gmane-mx.org; Wed, 03 Nov 2021 09:47:44 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:40286) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1miGb8-0007hw-5Z for emacs-devel@gnu.org; Wed, 03 Nov 2021 09:46:38 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:52244) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1miGb7-0007cm-MQ; Wed, 03 Nov 2021 09:46:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:References:Subject:In-Reply-To:To:From: Date; bh=vJ64uh9fMQNSdGnu13ujsxx0m6eqrvMjfeWZ/f7HnvM=; b=KwJEt4cMdkBztuHO60zx pkVSS2vhcZuBgc7+0AaKKakWnYkIfDTVKkAaV7bBSKvQwRI3G4gHSCc5k2fgR33qYXCyxwys7CExl uizUOBdld6UlZY4f6DTqoaf01qY1FWarHgzlKFng59lWOBLlJ0w9cvxgrsOMkJfBflEd0Xmh2Yol2 OFghZC2+w1tu5HOek7m5COgTVZp+66f6K+r6qYiQnGMQJg/KLHCHwgIc2sYRE7bu+IXSWz+QmAma/ BsXF/anf04sxDbDDFfQ9RRKpzWKaJKQNBmrreX0SCIT2BKzAjhGCbs+b8den6M5qiHe1k7bO2Hv15 zFgwvohpW40hWQ==; Original-Received: from [87.69.77.57] (port=1521 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1miGb7-0001ll-7V; Wed, 03 Nov 2021 09:46:37 -0400 In-Reply-To: (message from Stefan Monnier on Wed, 03 Nov 2021 08:20:01 -0400) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:278581 Archived-At: > From: Stefan Monnier > Cc: Stefan Kangas , Eli Zaretskii , > Clément Pit-Claudel , > emacs-devel@gnu.org > Date: Wed, 03 Nov 2021 08:20:01 -0400 > > I was more worried about the fact that, while highlighting those chars > might be helpful to warn about accidental uses of them, if attackers > want to trick the reader, I'm pretty sure they can get similar results > without having to use those special LTR/RTL override chars: > > int hi = 5; > int שָׁלוֹם = hi; > int hello = 10; > int السّلامعليك = hello; > myfun(שָׁלוֹם ,السّلامعليكم) > > There's no override here, but did I call `myfun` with args 5 and 10 or > did I call it with args 10 and 5? If we want, we can detect such cases as well. It's quite easy, actually, because the display engine has that information handy.