
Bug#1014029: invisible malicious unicode in source code - detection and prevention



Your text is quite chaotic; it is hard to distinguish the quotes from
your ideas about what to do in Debian.

I think the main problem here is the programs which present
source code to humans (text editors, terminals, HTML pages in Gitlab
etc.).
Quotes should always terminate everything. A control character within a
string literal should not have any effect outside of the quotes. The
rules should be similar to those we know from syntax highlighting. All
directional instructions should be terminated by the closing quote.

However, since it is not realistic to free all relevant tools from all
related bugs soon, compiler warnings make sense.
There I think it does not make sense to ban all Unicode. Unicode
clearly distinguishes printable and non-printable characters and so on.
So all characters that print something clearly visible can be
whitelisted.

Regards
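
The check proposed in the message above, sketched as an added example that is not part of the original mail or of any Debian tool: visible Unicode is allowed, invisible characters outside string literals are reported, and directional controls inside a literal must be closed before the closing quote. The function names, the C-like quoting rules and the use of Unicode general category C* as "non-printable" are assumptions of this sketch.

```python
import unicodedata

# Bidi controls that open a scope, mapped to the control that closes it.
OPENERS = {
    "\u202a": "\u202c", "\u202b": "\u202c",  # LRE, RLE -> PDF
    "\u202d": "\u202c", "\u202e": "\u202c",  # LRO, RLO -> PDF
    "\u2066": "\u2069", "\u2067": "\u2069", "\u2068": "\u2069",  # LRI, RLI, FSI -> PDI
}
ALLOWED = {"\t", "\n", "\r"}


def is_invisible(ch):
    # Assumption: general category C* (control, format, unassigned, private
    # use, surrogate) approximates "prints nothing clearly visible".
    return ch not in ALLOWED and unicodedata.category(ch).startswith("C")


def scan_line(line):
    """Return (column, code point, reason) findings for one source line.
    Assumes C-like double-quoted literals with backslash escapes."""
    findings, stack, in_string, escaped = [], [], False, False

    def flush(reason):
        # Every directional control still open at this point leaks its effect.
        findings.extend((c, f"U+{ord(o):04X}", reason) for c, o in stack)
        stack.clear()

    for col, ch in enumerate(line):
        if escaped:
            escaped = False  # character after a backslash is plain content
        elif in_string and ch == "\\":
            escaped = True
            continue
        elif ch == '"':
            if in_string:
                flush("not terminated before closing quote")
            in_string = not in_string
            continue
        if not is_invisible(ch):
            continue  # visible characters, ASCII or not, are allowed
        if not in_string:
            findings.append((col, f"U+{ord(ch):04X}", "invisible outside string literal"))
        elif ch in OPENERS:
            stack.append((col, ch))
        elif stack and OPENERS[stack[-1][1]] == ch:
            stack.pop()  # matching PDF/PDI closes the innermost scope
    flush("not terminated before end of line")
    return findings
```

Scope matching here is a simplification of the Unicode bidirectional algorithm: a closer only pops the innermost opener of its own kind.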

