[tex-k] BiDi Trojan Source Code
doug at mathemaesthetics.com
Tue Nov 2 16:26:44 CET 2021
This is quite the security bug:
“Bringing all this together, we arrive at a novel supply-chain attack on source code. By injecting Unicode Bidi override characters into comments and strings, an adversary can produce syntactically-valid source code in most modern languages for which the display order of characters presents logic that diverges from the real logic. In effect, we anagram program A into program B.”
I'm wondering whether it affects TeX in some way.
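A defensive check relevant to the question above, as an added example that is not part of the original message: a Python scanner that flags the Unicode Bidi control characters the quoted description refers to and reports whether any are left unterminated on a line. The function names, the simplified per-line balance rule and the sample TeX input are constructed for illustration.

```python
# The nine Bidi embedding, override and isolate controls (UAX #9).
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
# Each opener and the control that terminates it.
OPENERS = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
           "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}

def scan_source(text):
    """Return (line_no, column, name, unterminated) for every Bidi control.

    'unterminated' is True when the line ends with an embedding, override
    or isolate still open (simplified balance check, evaluated per line).
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stack, hits = [], []
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name is None:
                continue
            hits.append((col, name))
            if name in OPENERS:
                stack.append(OPENERS[name])
            elif name == "PDF":
                if stack and stack[-1] == "PDF":
                    stack.pop()
            elif "PDI" in stack:
                # PDI closes the last isolate and any embeddings inside it.
                while stack.pop() != "PDI":
                    pass
        findings.extend((line_no, c, n, bool(stack)) for c, n in hits)
    return findings

def reveal(line):
    """Replace invisible Bidi controls with visible markers for review."""
    return "".join(f"<U+{ord(c):04X} {BIDI_CONTROLS[c]}>" if c in BIDI_CONTROLS
                   else c for c in line)

# Constructed sample TeX input: line 2 has an unterminated override in a
# comment, line 3 has a balanced isolate around right-to-left text.
SAMPLE = ("\\documentclass{article}\n"
          "% note \u202Etxet desrever\n"
          "\\newcommand{\\greet}{\u2067\u05E9\u05DC\u05D5\u05DD\u2069}\n"
          "\\begin{document}\\greet\\end{document}\n")

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

Findings marked unterminated deserve manual review first; balanced isolates around genuine right-to-left text, as on line 3 of the sample, are a normal use of these characters.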