GCC 12 Ready To Help Fend Off Trojan Source Attacks

Written by Michael Larabel in GNU on 16 January 2022 at 08:00 AM EST. 13 Comments
GNU
Disclosed a few months back were "Trojan Source" attacks against compilers where specially crafted code could be rogue but not appear so due to exploiting Unicode issues. Unicode control characters could be used to reorder tokens in source code that could alter the behavior when compiled. With the upcoming GCC 12 compiler release there is a new warning to help point out possible Trojan Source attacks.

GCC 12 is adding the -Wbidi-chars warning flag for detecting Trojan Source attacks involving Unicode control characters. There is also a new on-by-default flag for GCC diagnostics to escape non-ASCII characters for helping to indicate the control character issues.

The new -Wbidi-chars option is ready to go for the GCC 12 release that should debut as stable in the form of GCC 12.1 around April. Red Hat's David Malcolm who has been involved in this Trojan Source attacks handling by compilers wrote a Red Hat developer blog post this past week outlining this new prevention warning.


More details on this new class of vulnerabilities disclosed last year via TrojanSource.codes.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week