Hiding Vulnerabilities in Source Code

mark_j · Nov 2, 2021

Chances of this in curated software: close to zero.
Chances of this being run by your browser via some hideously large javascript: close to absolute.

Cath O'Deray · Nov 3, 2021

Also:

"Trojan Source" Bug threatens the Security of all code

Opinions? https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/

forums.freebsd.org

ct85711 · Nov 3, 2021

Frankly, this kind of "issue" a minor thing, that is dependent on the character encoding. Switching to another character map, like a non UTF-* character map would reveal the issue. If anything, you can more easily get the Trojan Source/Horse portion in the languages like JS/Rust/Python that use a repository to spread packages around (like it has already been done and proven).

Hiding Vulnerabilities in Source Code

Mr. Salty

Guest

mark_j

Cath O'Deray

"Trojan Source" Bug threatens the Security of all code

ct85711