unofficial mirror of help-gnu-emacs@gnu.org
 help / color / mirror / Atom feed
* Trojan Source detection/highlight in Emacs?
@ 2021-11-01 22:19 Skip Montanaro
  2021-11-01 23:25 ` Stefan Monnier via Users list for the GNU Emacs text editor
  2021-11-02 14:01 ` Eli Zaretskii
  0 siblings, 2 replies; 14+ messages in thread
From: Skip Montanaro @ 2021-11-01 22:19 UTC (permalink / raw)
  To: Help GNU Emacs

The recent Trojan Source vulnerability crossed my newsfeed a day or two
ago. Here's an article from Krebs on Security:

https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/

Here's the rub:

Most programming languages let you put these Bidi overrides in comments and
strings. This is bad because most programming languages allow comments
within which all text — including control characters — is ignored by
compilers and interpreters. Also, it’s bad because most programming
languages allow string literals that may contain arbitrary characters,
including control characters.

...

The research paper, which dubbed the vulnerability “Trojan Source,” notes
that while both comments and strings will have syntax-specific semantics
indicating their start and end, *these bounds are not respected by Bidi
overrides*.


Krebs didn't give a concrete code example, but did reference a Rust Lang
blog post which does:

https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html

As an example, the following snippet (with {U+NNNN} replaced with the
Unicode codepoint NNNN):


if access_level != "user{U+202E} {U+2066}// Check if admin{U+2069}
{U+2066}" {


...would be rendered by bidirectional-aware tools as:


if access_level != "user" { // Check if admin


This would give the reader the mistaken impression that the program is
comparing admin_level with the value "user".

There is also a C example on the Trojan Source website (scroll down):

https://trojansource.codes/

You can also get to the PDF of the paper describing the problem.

Rust is adding detection to its lint tool. It seems that may be the
approach taken by the maintainers of other languages.

The Python community is working on a PEP for this (doesn't even yet have a
number), but you can view the nascent PEP and discussion here:

https://mail.python.org/archives/list/python-dev@python.org/thread/6DBJJRQHA2SP5Q27MOMDSTCOXMW7ITNR/#6DBJJRQHA2SP5Q27MOMDSTCOXMW7ITNR

IDEs, editors, and lint tools are probably where the bulk of the action
will be. Has this been discussed within the Emacs developer community?
Maybe a bidi minor mode would be a good place to implement some
colorization, with the minor mode enabled by default in most programming
language major modes (with easy disabling by the user).

Let's be careful out there...

Skip Montanaro


^ permalink raw reply	[flat|nested] 14+ messages in thread
* Re: Trojan Source detection/highlight in Emacs?
@ 2021-11-03  8:52 Anders Munch
  2021-11-03 13:03 ` Eli Zaretskii
  0 siblings, 1 reply; 14+ messages in thread
From: Anders Munch @ 2021-11-03  8:52 UTC (permalink / raw)
  To: help-gnu-emacs@gnu.org

Eli Zaretskii wrote:
> Stefan Monnier wrote: 
>> A simple and straightforward way to do that is to highlight any 
>> non-ASCII char, and to render all the "non printing" chars (such as 
>> RIGHT-TO-LEFT OVERRIDE) as tofu or something like that (otherwise, the 
>> highlighting applied to it wouldn't be visible).
>
> That's already available, no changes needed.

Can we get a recipe, please?
For the "non-printing" chars part that is - I certainly wouldn't want to ruin all non-ASCII text, homoglyphs be damned.

I tried customising bidi-paragraph-direction, setting it to 'left-to-right, but I'm not seeing any effect, despite the docstring saying it /forces/ directionality. I guess it just sets a default, and explicit bidi control characters take precedence.
 
regards, Anders




^ permalink raw reply	[flat|nested] 14+ messages in thread
* Re: Trojan Source detection/highlight in Emacs?
@ 2021-11-03 15:17 Anders Munch
  2021-11-03 17:28 ` Eli Zaretskii
  0 siblings, 1 reply; 14+ messages in thread
From: Anders Munch @ 2021-11-03 15:17 UTC (permalink / raw)
  To: help-gnu-emacs@gnu.org

Eli Zaretskii wrote:
> Anders Munch <ajm@flonidan.dk> wrote:
>> Can we get a recipe, please?
>
> Customize the variable glyphless-char-display-control.

Thanks for the pointer, that would be the 'format-control' group?

I see it set to "Display as thin space".
But that's only half the story. The other half of how bidi control characters display is the effect that they have on surrounding text. 
glyphless-char-display-control does not affect that.

>  The doc string says it [bidi-paragraph-direction] forces the directionality of the paragraph.  If you don't already know what that means, I suggest to read the "Bidirectional Editing" node in the Emacs manual, it should explain that.

I went looking for a bidi off switch precisely because I'm aware that the Unicode bidi rules are complicated, or at least confusing when put into practice, and for those of us that don't read RTL languages, it might be better to switch it off completely than to try to understand it.

bidi-paragraph-direction was the only candidate to a bidi off switch that I could find.
If that's not what it is, then where is the master switch to turn bidi processing off?

regards, Anders




^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2021-11-03 17:28 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-01 22:19 Trojan Source detection/highlight in Emacs? Skip Montanaro
2021-11-01 23:25 ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-11-02 14:09   ` Eli Zaretskii
2021-11-02 14:56     ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-11-02 15:19       ` Eli Zaretskii
2021-11-02 14:14   ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-11-02 14:01 ` Eli Zaretskii
2021-11-02 15:01   ` Skip Montanaro
2021-11-02 15:13     ` Eli Zaretskii
2021-11-02 15:12   ` Stefan Monnier via Users list for the GNU Emacs text editor
  -- strict thread matches above, loose matches on Subject: below --
2021-11-03  8:52 Anders Munch
2021-11-03 13:03 ` Eli Zaretskii
2021-11-03 15:17 Anders Munch
2021-11-03 17:28 ` Eli Zaretskii

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).