Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

GCC 12 Ready To Help Fend Off Trojan Source Attacks

Written by Michael Larabel in GNU on 16 January 2022 at 08:00 AM EST. 13 Comments

GNU

Disclosed a few months back were "Trojan Source" attacks against compilers where specially crafted code could be rogue but not appear so due to exploiting Unicode issues. Unicode control characters could be used to reorder tokens in source code that could alter the behavior when compiled. With the upcoming GCC 12 compiler release there is a new warning to help point out possible Trojan Source attacks.

GCC 12 is adding the -Wbidi-chars warning flag for detecting Trojan Source attacks involving Unicode control characters. There is also a new on-by-default flag for GCC diagnostics to escape non-ASCII characters for helping to indicate the control character issues.

The new -Wbidi-chars option is ready to go for the GCC 12 release that should debut as stable in the form of GCC 12.1 around April. Red Hat's David Malcolm who has been involved in this Trojan Source attacks handling by compilers wrote a Red Hat developer blog post this past week outlining this new prevention warning.

More details on this new class of vulnerabilities disclosed last year via TrojanSource.codes.

13 Comments

Related News

Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions

GCC 15 Ends Support For Altera Nios II Embedded Processors

GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel

GCC 15 Compiler Development Shifts From Features To Bug Fixing

GCC 15 Moves C Default Language Version To C23

GCC 15 Adds Option For Arm Guarded Control Stack "GCS" Code Generation

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features