just for reference https://trojansource.codes/
On 04.11.21 10:50, lists wrote:> The unicode hack is in the comments. Google "Trojan Source".
Having never dealt with Hebrew and Arabic, it was news to me there is a right to
left feature in Unicode.
>
> TWIT Security Now (MP3): SN 843: Trojan Source - Chrome 0-days, Windows 11
confusion, VoIP DDos attacks, Dune
https://pdst.fm/e/chtbl.com/track/E91833/cdn.twit.tv/audio/sn/sn0843/sn0843.mp3#t=4768
[01:19:28]
>
> Or look for the paper. Hopefully this isn't too off topic.
>
>
>
>
> ? Original Message
>
>
> From: reinob at bbmk.org
> Sent: November 4, 2021 2:16 AM
> To: dovecot at dovecot.org
> Reply-to: dovecot at dovecot.org
> Subject: Re: Dovecot v2.3.17 released
>
>
> On Thu, 4 Nov 2021, Rupert Gallagher wrote:
>
>> Please convert all source code to ASCII. If it fails to compile, then
it may
>> have a trojan hiding in Unicode clothing.
> Did you check yourself?
>
> The only source code files which contain non-7-bit-ASCII characters are
> 1. src/lib-storage/list/mailbox-list-index-status.c
> ? * Opportunistic function to see ?f we can extract guid from mailbox path
*/
>
> i.e. in a /* comment */, and it's 8-bit ASCII not even UTF-anything.
>
> 2. src/lib-mail/test-qp-encoder.c
> which defines binary data.
>
> I don't think any C compiler allows Unicode in the code itself
(instructions,
> variables names, etc.)
>
> Cheers.