Not New: Unicode in Filenames Can Make You Run Things You Did Not Mean To

This isn’t really fresh news, but I thought it was an interesting idea. It’s allegedly been around since before 2015.

Watching a Youtube video (ID = ieQUy8YTbFU) over lunch made me test that theory on my system.

  1. Pick an image file, anything you are sure will pop up your image viewer with the image loaded.
  2. Rename the file such, assuming you used a PNG file: imagename.png > imagename.txt.png
  3. Hit F2 to rename the file again, but this time position your text cursor between the ‘.’ and the first ‘t’ in ‘txt’, type Ctrl-U and enter 202e and hit Enter. Your filename will now read “imagename.gnp.txt”
  4. Open the “text file” and your image viewer starts.

Consider if this were an executable file. Yes, I know that GNU/Linux handles files differently from that Redmond system and doesn’t rely so much on file extensions, but it might be worth remembering in case you are forced to use one of those malicious machines, just in case you find a file called filenamebrexe.txt or something. The Unicode 202e has to do with writing systems that write from right to left:

1 Like

This not really that strange - when a GNU based system opens a file the opener action is decided from content of the file - not the file name.

You can see what kind of type a file is by using the

file filename.txt