From: Stefan Monnier via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org>
To: help-gnu-emacs@gnu.org
Subject: Re: Trojan Source detection/highlight in Emacs?
Date: Tue, 02 Nov 2021 10:56:50 -0400 [thread overview]
Message-ID: <jwvr1byd3sf.fsf-monnier+emacs@gnu.org> (raw)
In-Reply-To: 8335oelkdg.fsf@gnu.org
>> Clearly, Eli will know better, but I suspect that we may be able to
>> avoid most of those issues by (conceptually) treating comment delimiters
>> as bidi barriers. Of course, that leaves open the question of what
>> I mean by "bidi barrier" and of how to implement it ;-)
>
> It's more than that: bidi reordering happens on a very low level in
> the display engine, where there's absolutely no information about
> stuff like comment delimiters and PL syntax in general. In
> particular, that code runs before font-lock and similar features
> examined the text syntactically and decided what is and what isn't a
> comment.
That's the "how to implement it" part, yes. BTW, I don't think it's the
case that bidi reordering is done "before font-lock and similar features
examined the text" (bidi reordering applies to text rendering and
font-lock faces are applied before the buffer's text is rendered).
> We could instead provide an ability to bidi-reorder only certain
> stretches of text, marked by some special text property. Then a Lisp
> program could mark only comments and strings with that property, and
> the reordering would not happen anywhere else in the buffer.
If we don't want to allow properly rendered Hebrew identifiers, then
it's indeed a great solution. It would be pretty easy to make font-lock
add a special `bidi-enable` text property to strings and comments.
> Doing something like that is relatively simple, but not too simple, so
> I'd say this particular issue doesn't justify the effort.
I suspect none of the solutions are "too simple" to implement.
But I don't think we should rush to implement something, since there are
several ways to attack this problem, and it's probably worth thinking
a bit more about the full extent of the problem (after all, it's mostly
a problem of security, where we hence should assume the attacker will be
clever enough to try and circumvent the simple measures we may come up
with).
> I would start with detecting such reordered code and flagging it.
Indeed, another approach is to render it "normally" and then flag those
places where the rendering may mislead the reader, which could also
include the confusables.
A simple and straightforward way to do that is to highlight any
non-ASCII char, and to render all the "non printing" chars (such as
RIGHT-TO-LEFT OVERRIDE) as tofu or something like that (otherwise, the
highlighting applied to it wouldn't be visible).
Stefan
next prev parent reply other threads:[~2021-11-02 14:56 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-01 22:19 Trojan Source detection/highlight in Emacs? Skip Montanaro
2021-11-01 23:25 ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-11-02 14:09 ` Eli Zaretskii
2021-11-02 14:56 ` Stefan Monnier via Users list for the GNU Emacs text editor [this message]
2021-11-02 15:19 ` Eli Zaretskii
2021-11-02 14:14 ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-11-02 14:01 ` Eli Zaretskii
2021-11-02 15:01 ` Skip Montanaro
2021-11-02 15:13 ` Eli Zaretskii
2021-11-02 15:12 ` Stefan Monnier via Users list for the GNU Emacs text editor
-- strict thread matches above, loose matches on Subject: below --
2021-11-03 8:52 Anders Munch
2021-11-03 13:03 ` Eli Zaretskii
2021-11-03 15:17 Anders Munch
2021-11-03 17:28 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jwvr1byd3sf.fsf-monnier+emacs@gnu.org \
--to=help-gnu-emacs@gnu.org \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).