@benjojo i joked about this 2 or so years ago (outside the normalization context), i can’t believe this is actually real

Shame it doesn't work on Loonix.

@domi@donotsta.re @benjojo@benjojo.co.uk

@slopsec @benjojo alias ßh=ssh

there you go

@domi @benjojo eeeeh…
I feel like this would get extremely funny if POSIX ever ends up standardizing on an encoding *and* it's not just ASCII.

@domi @benjojo Although macOS probably wouldn't be alone there, ZFS has unicode normalization, but at least it's not default and configurable per subvolume.

@lanodan@queer.hacktivis.me @domi@donotsta.re @benjojo@benjojo.co.uk this is not normalization though, this is collation. And collation is (almost always) locale dependent.

@lanodan @benjojo ß is in cp437 tho! 0xE1

it’s in the extended charset, so not within 7-bit ASCII (and not compatible with UTF-8) but it’s actually one of the funny characters that made it in

@lanodan @benjojo oh, wait, i misread your message. Oh Well

@benjojo @WiteWulf no way. Amazing.

@benjojo what the hell! I saw someone else posting about this a few days ago and I thought it was a joke!!!

@meph @benjojo looking forward to all the EN-speaking devs switching to DE keyboard layouts.

Wir heißen Euch wärmstens willkommen ;)

vi /etc/nßwitch.conf

@benjojo Now I have to set ßh to a shell alias everywhere. This is brilliant.

@benjojo I love that!

@benjojo holy fuckin shit

@benjojo @hailey Haha – reminds me of this little CTF challenge:

https://github.com/skateboardingdog/bsides-cbr-2025-challenges/blob/main/misc/password-game/src/password_game.swift

(there is a solution in the repository)

@benjojo If your filesystem is set to case insensitive, ẞH works too.

@dentaku @benjojo In my testing, ß=ss only works on case-insensitive APFS (not HFS+), I assume because ß case-folds to "ss": https://tech.lgbt/@snowfox/115488236610258352

(I should try again with dotless/dotted i.)

@benjojo @weizenspreu o.O

@manawyrm @benjojo These are the kind of quirks I definitely wouldn’t expect of a MegaCorp in 2025. Loving it. 😄

@benjojo Nice one. I can absolutely see how that happened.

Human interface folks: "Filenames are text and should behave like text"

Unix folks: 😬

@benjojo
as for funny macos trivia, macos has a malloc zone called `MALLOC_NANO`, which was *always* mapped at 0x600000000000. I can see that it is still mapped into some processes, though I can't reproduce allocations into it with my previous PoCs, but IIRC, this zone used to be malloc()'s default zone for some cases.

@benjojo
This was discovered by an even funnier situation in which somebody allocated some memory during programs compiletime and outputted address of the dynamically allocated memory into a constant in the compiled program, then during runtime dereferenced this address and, to their surprise, nothing happened.

@benjojo @cstross sounds like my kind of pub.

@benjojo I kind of like it but hate the unavoidable inconsistency with et and at

@benjojo Friend of mine saw this, first thing he said is "this has to be exploitable".

... 😭 of course this has to bypass something's path sanitisation

@benjojo (He also mentions that APFS is case-sensitive on iOS)

@benjojo wunderbar, now ze Germans can finally ßh into their heimserver

@metaphil @benjojo
this happens if you don't use the
right command: 'ſſh'

@benjojo Yeah, a few weeks ago my fedi-bubble noticed that too:
https://toot.berlin/@krono/115484271882289019

@benjojo@benjojo.co.uk ...ohhh because case insensitive FS

@benjojo Baßed.

@benjojo
@cstross (or is that cstroß?)

Works in sh and zsh but not in csh or tcsh.

I had to look up how to type an eszett (opt-s).

@kdawson @benjojo @cstross

does not work on linux zsh and sh! tho im curious if this depends on system language or if its just a macOs quirk. possibly quite handy for command injection filter bypass.

@benjojo

Damn that i dont have any mac system. Now i got curious if you could use äöü also to bypass filters, intrusion detection etc. if you replace ae, oe, ue in other commands with the Umlauts.

@cstross @snornik @benjojo @kdawson it’s a quirk of OSX: it uses NFD for UTF-8, and ß canonically decomposes into ss, and pathname accesses on HFS+ and the likes are checked against the decomposed pathname.

Now I’d be interested in whether it also does that for NFS and/or for say ext2fs and FAT if it can mount them (then the NFD happens at VFS layer) or just for its own filesystems.

@mirabilos @cstross @snornik @benjojo @kdawson It's actually because of case insensitivity, not because of Unicode normalization. All normalization forms map ß to itself, but case folding changes ß to ss.

macOS allows formatting partitions as case-sensitive HFS+/APFS, so this should be a file system thing, not a limitation in the OS itself.

@benjojo OMG, brilliant :D

@benjojo @jwildeboer Looks like a feature to me! ;)

@JizzelEtBass @benjojo Yes… is I think the answer to your question, it’s your questions wording I’m a little confused about 🤭 https://en.wikipedia.org/wiki/NeXTSTEP

@benjojo@benjojo.co.uk Okay, this is hilarious! ^^

@benjojo Feature request: Open a Zsh on the remote side, because ß equals sz, so you're typing szh.

@benjojo There's also the famous encryption tool openßl.

@benjojo swiss users cannot comprehend this! (marked not safe for switzerland)

This is great

@benjojo oh my god. I did not know that

@TabascoEye
That’s a very nice ß! Which script/font is this?

@benjojo

@wetter @TabascoEye @benjojo > Although nowadays substituted correctly only by ss, the letter actually originates from two distinct ligatures (depending on word and spelling rules): long s with round s ("ſs") and long s with (round) z ("ſz"/"ſʒ")

https://en.wikipedia.org/wiki/German_alphabet#Sharp_s

@benjojo Oh dear, you found it. Be careful, that version of ssh connects you to the torment nexus host, and connecting to the torment nexus is rarely survivable.

@benjojo I wonder whether in some German locale, one can do `mkdir ÖBB` and then `cd OEBB` 😀

@benjojo I am SO adding an alias to my .bashrc for this RIGHT NOW!!! 😆

@benjojo does it work with szh too?

@benjojo That's wild. :D

@benjojo@benjojo.co.uk It's said that not all macOS apps work properly if filesystem case insensitivity is turned off, otherwise I'd like to when formatting my disk.

@niconiconi @benjojo I ran a case sensitive FS for a few years when there was talk of Apple switching to case-sensitive. 99% of stuff worked fine, but the remaining 1% was a complete nightmare.

@russss @niconiconi @benjojo Ohh, is there some clearer documentation about what broke and what sort of curse ?

@niconiconi @benjojo@benjojo.co.uk that's because of adobe

the only reason macos still has case insensitivity and weird normalization rules like in that post on the filesystem level is because adobe absolutely refuse to fix their shit

@benjojo

Tried it, wild...

Even wilder:

> which ßh
/usr/bin/ßh

@benjojo Holy Cow, Batman! Crikey.

<sarcasm>What could possibly go wrong?</sarcasm>

@benjojo as god intended

@benjojo Incredible, and yet it works.

touch teßt, file tesst also works :D

(You can't create tesst and teßt in the same directory)

@benjojo edit: forget what I wrote

See toot below

Orig: for non Germans: there is no win here... ßh looks shorter than ssh but it takes more complicated keystrokes to issue it (fits the German-ness, tho):

ssh = s,s,h
ßh = Alt Gr+?, h

@ppxl @benjojo what layout are you using? On typical QWERTZ layouts, ß has its own key.

@olifantoliver @ppxl @benjojo my assumption: most people who get this don't use QWERTZ anyway

(I switched to QWERTY when I started coding, I'm biased)

@olifantoliver @benjojo oh no I mistook the position of \ and ß

I stand corrected.

@benjojo this is not just a quirk. This is a vulnerability.

@zkat@toot.cat @benjojo@benjojo.co.uk ...how?

@julia @benjojo programs that check for conflicts manually when putting stuff in the file system won’t know to check for this “quirk”, leading to the same potential conflicts as case insensitivity but worse because who tf expects this. Think, for example, package managers

@zkat@toot.cat @benjojo@benjojo.co.uk uhhhh I'm pretty sure this is at the filesystem level, so eexist would be thrown

@julia @benjojo not necessarily no, depending on what you’re doing.

@zkat@toot.cat @benjojo@benjojo.co.uk @julia@eepy.moe while not a vulnerability per se, I can see how this can be misused by threat actors depending on how a companies EDR solution handles the detection of ssh usage.

@Xyla @benjojo @julia I’m not talking about the ssh part being the vuln. The issue is that it does this kind of conversion that other systems might not be accounting for. Other things than ssh might be affected. What other special Unicode does this apply to?

@benjojo OMG 😹

@benjojo sad, because that would be ſʒh :p

@benjojo macos is whack and i love it

@benjojo filesystem normalization is always a monstrous mistake.

normalize/collate for search and display, not storage and equality.

@benjojo @misty I hope I’m getting trolled right now

@benjojo @misty The fuck :D

@benjojo @misty I kinda wonder now if there any other substitutions like those

Edit ok that makes a lot of sense

https://news.ycombinator.com/item?id=34502166

@benjojo

@benjojo not as quirky and exploitable as it seems - while "ß" is normalised to the equivalent "ss" macOS will still prefer any script or binary that matches the non-normalised input (/usr/local/bin is first in my path and would take precedence over /usr/bin/):

@benjojo it’s not APFS’s (there’s is names in unicode), but it’s by terminal emulator and shell and symbol position in the charset.

@benjojo
This is related to the fun of macos normalizing utf-8 names. Put a non-normalized utf-8 name on an NFS share, and some macos apps won't be able to find/open it. You can drag and drop it, but if you use the open command it won't work.