From: Stefan Monnier via Users list for the GNU Emacs text editor
Newsgroups: gmane.emacs.help
Subject: Re: Trojan Source detection/highlight in Emacs?
Date: Tue, 02 Nov 2021 11:12:39 -0400
References: <834k8ulkqe.fsf@gnu.org>
To: help-gnu-emacs@gnu.org
> Now, the code there is not ready for the kind of tricks these new
> examples are playing, so it doesn't detect them.  It can be enhanced
> to do that, though.  But I'm reluctant to invest my time and energy in
> a feature that will just keep collecting dust.  So I will only work on
> this if someone is actually prepared to use this function in Emacs by
> adding some user-facing UI features, like making the problematic text
> stand out on display, or displaying a warning.

I can see two use cases:

- One that's disabled by default, and where we can expect the users to
  accept a fairly strict definition of "normal" (e.g. flag any non-ASCII
  char as suspicious).  That should be pretty easy to implement, but
  very rarely used (only by security-conscious people who happen to
  work almost exclusively with code using English identifiers and
  comments).

- One that's enabled by default, but in that case it'll have to be a
  lot more permissive so as not to get in the way of people who want to
  write comments and identifiers in their mother tongue.  Making this
  permissive enough without leaving gaping security holes seems hard.

> I should also mention that Emacs has (weak) defenses against this kind
> of tricks: we show the formatting control characters on display,
> unlike other editors that hide them.  Also, cursor motion with C-f and
> C-b will seem to behave erratically if you move across the problematic
> text.  So users that actually look at the code they use will most
> probably find out that something strange is going on (if they don't
> look, no visual cue will do).

If the readers are only reviewing the code without actually editing it,
there's a significant probability that they won't move across the
problematic case with the cursor (they'll only do that with their eyes).


        Stefan
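The two policies sketched in the message above, a strict one that flags every non-ASCII character and a permissive one that flags only the Unicode bidirectional formatting controls the "formatting control characters" remark refers to, can be prototyped outside the editor. The following scanner is an added example written for this thread; it is not code from Emacs or from any of the participants. The names `scan_source`, `Finding` and `SAMPLE` are my own, the sample input is constructed, and the end-of-line check for an embedding that was opened but never closed is a simplified count (it does not pair PDF with embeddings and PDI with isolates separately).

```python
"""Scan source text for bidi formatting controls (permissive policy)
or for any non-ASCII character (strict policy), reporting line/column.
Example code for the thread above, not part of Emacs."""

import unicodedata
from dataclasses import dataclass

# Unicode bidirectional formatting controls: explicit embeddings and
# overrides with their terminator PDF, and the isolates with their
# terminator PDI.  These are the characters that let text render in an
# order that differs from its logical (compiled) order.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
# Controls that open a region which a later PDF/PDI is expected to close.
OPENERS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number
    col: int       # 1-based column of the character (len(line)+1 for end-of-line)
    char: str      # the offending character ("" for an end-of-line finding)
    reason: str    # human-readable explanation


def scan_source(text: str, strict: bool = False) -> list[Finding]:
    """Return one Finding per suspicious character in TEXT.

    strict=False is the 'enabled by default' policy from the message:
    only bidi formatting controls are reported, so identifiers and
    comments written in any language pass untouched.
    strict=True is the 'disabled by default' policy: every non-ASCII
    character is reported, bidi controls included.
    """
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        depth = 0  # simplified nesting count of open embeddings/isolates
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                name = BIDI_CONTROLS[ch]
                findings.append(Finding(
                    lineno, col, ch, f"bidi control {name} (U+{ord(ch):04X})"))
                if ch in OPENERS:
                    depth += 1
                elif depth > 0:
                    depth -= 1
            elif strict and ord(ch) > 0x7F:
                findings.append(Finding(
                    lineno, col, ch,
                    f"non-ASCII {unicodedata.name(ch, 'UNNAMED')} (U+{ord(ch):04X})"))
        # An embedding or isolate still open at end of line is a strong
        # hint that the visual order of the rest of the line was tampered with.
        if depth > 0:
            findings.append(Finding(
                lineno, len(line) + 1, "",
                f"{depth} bidi embedding(s) still open at end of line"))
    return findings


def format_findings(findings: list[Finding]) -> str:
    """Render findings in the usual 'line:col: reason' diagnostic form."""
    return "\n".join(f"{f.line}:{f.col}: {f.reason}" for f in findings)


# Constructed sample: a legitimate non-ASCII identifier, a comment that
# contains a stray RLO (U+202E) never closed, and a non-ASCII string.
SAMPLE = (
    "größe = 3  # non-ASCII identifier, legitimate\n"
    "x = 1  # reviewer note\u202e edited\n"
    "y = \"caf\u00e9\"\n"
)

if __name__ == "__main__":
    print("permissive policy:")
    print(format_findings(scan_source(SAMPLE)))
    print("strict policy:")
    print(format_findings(scan_source(SAMPLE, strict=True)))
```

Under the permissive policy the sample yields two findings, both on line 2 (the RLO itself and the unclosed embedding at end of line); the strict policy additionally reports the three accented characters on lines 1 and 3, which is exactly the noise the message predicts for non-English code bases.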