[erlang-questions] Atom Unicode Support
Wed Feb 3 18:00:39 CET 2016
Oh for sure there's all sorts of hilarity in C. Doubtless in erlang, too.
But the existence of other attack vectors doesn't suggest that you should
ignore a new one.
It'd probably be a good idea, if this were to be implemented, if there were
some tooling or flags for the compiler to warn when unicode was used in a
potentially dangerous setting, so that people taking pull requests on
erlang code (or even just typing code wrong) could avoid some classes of
On Wed, Feb 3, 2016 at 8:47 AM, Fred Hebert <mononcqc@REDACTED> wrote:
> On 02/03, Felix Gallo wrote:
>> There's also an interesting security issue around Unicode source code.
>> Take for example the recent hack of Cryptsy, which involved a guy taking
>> what looked like an innocent and safe pull request to fix an issue in one
>> part of his software, but through the magic of the preprocessor, turned
>> to do something else entirely:
> My counter-argument to that is that you don't need any of that cool UTF
> stuff to do that.
> - http://www.underhanded-c.org/ underhanded C contest is all about
> writing regular looking C code doing nasty stuff
> juniper code was broken by someone adding in a password check that looked
> like a log line
> using a non-prime in crypto communication, possibly being a backdoor.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions