Trojan Source: Invisible Vulnerabilities

bsr tmp543901 at buckeye-express.com
Sun Nov 7 16:56:59 GMT 2021


This is an clever exploit but a disturbing threat to open source.  Mitigations are provided by the authors in the form of new compiler checks.  As of now I think most compilers (all?) are still vulnerable to this attack.

research paper:
https://arxiv.org/pdf/2111.00169.pdf

author's website for general understanding
https://trojansource.codes/


More information about the Discuss mailing list