GCC 12 Ready To Help Fend Off Trojan Source Attacks

GCC 12 is adding the -Wbidi-chars warning flag for detecting Trojan Source attacks involving Unicode control characters. There is also a new on-by-default flag for GCC diagnostics to escape non-ASCII characters for helping to indicate the control character issues.
The new -Wbidi-chars option is ready to go for the GCC 12 release that should debut as stable in the form of GCC 12.1 around April. Red Hat's David Malcolm who has been involved in this Trojan Source attacks handling by compilers wrote a Red Hat developer blog post this past week outlining this new prevention warning.
More details on this new class of vulnerabilities disclosed last year via TrojanSource.codes.
13 Comments