On Mon, Feb 6, 2017 at 3:51 AM, Marek Marczykowski-Górecki <[email protected]> wrote:
> On Sun, Feb 05, 2017 at 05:37:42PM -0800, daltong defourne wrote:
>> Hi!
>> Working with lots of non-English text and sites now. The substitution thing
>> is becoming a bit too much to bear.
>>
>> How dangerous would using allow_utf8_titles be?
>> Are risks limited to homographs or is there a risk of something fancier
>> happening, like, I dunno, GUI-daemon exploit (hypothetically)?
>
> It's mostly about (unknown) attack vector on window manager - title
> rendering and such. As we know from Apple world, strange things may
> happen here.
>
>> Is there any sanitizing happening if allow_utf8_titles is activated?
>
> Yes, we do verify if the title is correct UTF-8 sequence. Also, ASCII
> control characters are still disallowed. But nothing more.
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab

It all depends on what the window manager is doing - it can handle ASCII in an insecure way as well, e.g. to support bells or ANSI color codes.

The main risk is of homograph attacks - strings that look but aren't the same. The validator could be extended to provide a warning about a known set of lookalike characters outside a chosen locale(s), e.g. by adding an extra string prefix.

Some of the homographs are available in ASCII as well (0, 1, o, O, i, l, I) and are only possible to catch using dictionaries.

Of course such a defense would likely be fallible.

Best regards,
--
Radosław Szkodziński
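
The two checks named in the quoted reply (valid UTF-8, no ASCII control characters) combined with the prefix warning proposed in this message, as an added sketch that is not part of the thread and not the project's code. The names `check_title`, `script_of` and `WARN_PREFIX`, the choice to reject rather than substitute, and the use of Unicode character names as a stand-in for script detection are all assumptions of this example.

```python
import unicodedata

WARN_PREFIX = "[mixed-script?] "  # hypothetical marker, not a string used by any real GUI daemon


def script_of(ch: str) -> str:
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def check_title(raw: bytes, allowed_scripts=("LATIN",)):
    """Validate a window title and flag letters outside the allowed scripts.

    Returns (title, warned). Raises ValueError for input that fails the
    two checks described in the thread.
    """
    try:
        # Strict decoding rejects truncated, overlong and surrogate sequences.
        title = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("title is not a valid UTF-8 sequence") from exc

    # ASCII control characters (C0 range and DEL) stay disallowed.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in title):
        raise ValueError("title contains an ASCII control character")

    # Any letter from a script outside the chosen set triggers the prefix.
    foreign = {script_of(ch) for ch in title if ch.isalpha()} - set(allowed_scripts)
    if foreign:
        return WARN_PREFIX + title, True
    return title, False


if __name__ == "__main__":
    # Constructed sample titles; the second uses CYRILLIC SMALL LETTER A (U+0430).
    for sample in ("Inbox - Mail", "p\u0430ypal - Login", "caf\u00e9 menu"):
        print(check_title(sample.encode("utf-8")))
```

ASCII-only lookalikes such as `l`/`I` or `0`/`O` pass this check unflagged, which matches the point above that those need a dictionary to catch.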
