[tex-k] BiDi Trojan Source Code
Doug McKenna
doug at mathemaesthetics.com
Tue Nov 2 16:26:44 CET 2021
This is quite the security bug:
<https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/>
“Bringing all this together, we arrive at a novel supply-chain attack on source code. By injecting Unicode Bidi override characters into comments and strings, an adversary can produce syntactically-valid source code in most modern languages for which the display order of characters presents logic that diverges from the real logic. In effect, we anagram program A into program B.”
I'm wondering whether it affects TeX in some way.
Doug McKenna
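
Added example, not part of the original message: a small Python check that a reviewer or CI job could run to flag the Bidi control characters the quoted passage describes and to print each affected line in logical order with the controls made visible. The function names and sample text are constructed for illustration, and the balance tracking is a simplification of the rules in UAX #9.

```python
# Added example: flag Unicode bidirectional formatting characters in source text.
# The nine explicit directional formatting characters defined by UAX #9.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
_EMBED = {"LRE", "RLE", "LRO", "RLO"}   # closed by PDF
_ISOLATE = {"LRI", "RLI", "FSI"}        # closed by PDI

def escape(line):
    """Return the line in logical order with each control made visible."""
    return "".join(
        f"<U+{ord(ch):04X} {BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch
        for ch in line
    )

def scan_text(text):
    """Return one finding per line that contains a bidi control."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits, stack = [], []
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name is None:
                continue
            hits.append((col, name))
            if name in _EMBED or name in _ISOLATE:
                stack.append(name)
            elif name == "PDF" and stack and stack[-1] in _EMBED:
                stack.pop()
            elif name == "PDI" and any(s in _ISOLATE for s in stack):
                # PDI closes the innermost isolate and anything opened inside it.
                while stack.pop() not in _ISOLATE:
                    pass
        if hits:
            findings.append({"line": lineno, "controls": hits,
                             "unterminated": bool(stack), "escaped": escape(line)})
    return findings

# Constructed sample input (not taken from any real project).
SAMPLE = "clean = 1\nlabel = 'a\u202ecba\u202c'\n# note \u2067 trailing\n"

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        state = "unterminated" if f["unterminated"] else "balanced"
        print(f["line"], f["controls"], state)
        print("   ", f["escaped"])
```

A line reported as unterminated leaves a directional run open to the end of the line, so it is the first place to look when reviewing the escaped output.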