xfs_scrub: warn about unicode variation selectors in names
ArsTechnica recently wrote about a GitHub supply chain attack wherein
non-rendering unicode sequences were embedded in javascript files to
hide payloads that could be decrypted trivially later. While these are
unlikely to appear in file and attribute names, we should warn about
this sort of steganography.
Link: https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
projects / xfsprogs-dev.git / commit