
Re: suggestion for checking unicode characters against "trojan source attacks"



Hi Jérémy,

On Mon, Nov 1, 2021 at 11:22 AM Jérémy Lal <kapouer@melix.org> wrote:
>
> the topic is about CVE-2021-42574 and CVE-2021-42694.

Lintian does not currently look for either condition. I do not have
time to read up in detail on either condition, but would happily help
you write a Lintian check.

Due to the complexity, it might help to have a third party tool. The
first condition about bidirectional characters seems reasonably
straightforward for sources, in which authors do not usually mix two
languages with opposing directions. The second condition about
homoglyphs seems more complex, unless source code instructions are
restricted to ASCII (except for data strings, which may be shown to
users).

Either way, I am happy to help. Writing checks has never been easier!

Kind regards
Felix Lechner
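
A sketch of the kind of stand-alone check this message has in mind for the first condition only (bidirectional control characters, CVE-2021-42574); it does not address homoglyphs. It is an added example, not Lintian code and not something posted in the thread; the function names and the sample input are constructed for illustration.

```python
import sys
import unicodedata

# Bidirectional formatting characters covered by CVE-2021-42574:
# embeddings and overrides (U+202A..U+202E), isolates (U+2066..U+2069).
BIDI_CONTROLS = frozenset(
    chr(cp) for cp in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))
)

# Constructed sample: escapes are used so this file itself stays clean.
SAMPLE = 'int x = 1;\n/* note \u202e hidden \u2066 */ return;\n'.encode("utf-8")


def scan_source(data: bytes):
    """Return (line, column, codepoint, name) for each bidi control found.

    Line and column are 1-based and count characters, not bytes. Invalid
    UTF-8 is replaced rather than raised, so a stray byte early in a file
    cannot stop the scan before a later hit.
    """
    findings = []
    text = data.decode("utf-8", errors="replace")
    # Split on "\n" only so line numbers match what an editor shows.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                name = unicodedata.name(ch)
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


def main(paths):
    """Scan each path; return 1 if any file has a finding, else 0."""
    status = 0
    for path in paths:
        with open(path, "rb") as handle:
            for line, col, cp, name in scan_source(handle.read()):
                print(f"{path}:{line}:{col}: {cp} {name}")
                status = 1
    return status


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for finding in scan_source(SAMPLE):
        print(finding)
```

Sources that legitimately contain right-to-left text in comments or strings will be reported too, so the output is a list to review rather than a verdict.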

