On Fri, Aug 05, 2022 at 06:46:34PM +0200, Walter Alejandro Iglesias wrote:
> 
> I compiled xterm with your patch.  With default settings xterm shows no
> error and the font selected is loaded correctly, and this is a detail I
> forgot to mention: before your patch, besides the error, the selected
> Xft font wasn't loaded.
> 
> But your patch solves the problem partially.  Let me explain my point,
> exactly because I don't like to modify system files and because at some
> point I got tired of freedesktop "innovations" and to find out what
> every Linux distribution or BSD system did in /etc/fonts, decades ago I
> decided to set the FONTCONFIG_FILE variable to point to my ~/.fonts.conf
> (later to ~/.config/fontsconfig/fonts.conf).  And I did something
> similar with all desktop related config files.  Fonts and icons I need are
> in my home dir too.  In that way just untarring my home directory I got
> my environment behaving in the way I wanted in any unix-like system.
> 
> Now, after applying your patch, setting FONTCONFIG_FILE and
> FONTCONFIG_PATH to my home config dir and file, xterm loads the xft font
> correctly but the error appears again.  I don't understand why since it
> seemed to me to see in the code (main.c) that home directory as well as
> the xdg directories are also unveiled.
> 

The fontconfig library is really hostile to sandboxing attempts for
applications using it. If one looks at the code that was added to
xterm to cope with the various environment variables that change the way it
looks for its configuration and locations where fonts can be found, it
is already quite long and a similar bit of code needs to be added to
*any* application that links to fontconfig and wants to protect itself
using unveil.

In the long term it's really hard to maintain.

So at some point we need to give up on this pattern of making every
possible part of the system fully configurable.

We may add support for FONTCONFIG_FILE and FONTCONFIG_PATH to xterm if
people really need it, but I don't think other applications that use
unveil and need to handle fontconfig (chromium and the mozillas come
to my mind) know about those variables.

-- 
Matthieu Herrb
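
The per-application logic discussed in this message, as an added example that is not xterm's code and not part of the original mail: it builds the list of paths a fontconfig-linked program would have to unveil(2) read-only when FONTCONFIG_FILE and FONTCONFIG_PATH are honoured. The function names and buffer sizes are hypothetical, and it assumes FONTCONFIG_FILE is an absolute path and FONTCONFIG_PATH is a colon-separated directory list.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FC_MAX_PATHS 16
#define FC_PATH_LEN 1024

/* Hypothetical helper: append dir[0..dlen) plus leaf; new count, or -1 on overflow. */
static int fc_add(char list[][FC_PATH_LEN], int n, const char *dir, size_t dlen, const char *leaf)
{
    int len = (n < 0 || n >= FC_MAX_PATHS || dlen >= FC_PATH_LEN) ? -1 :
        snprintf(list[n], FC_PATH_LEN, "%.*s%s", (int)dlen, dir, leaf);
    return (len < 0 || len >= FC_PATH_LEN) ? -1 : n + 1;
}

/* Paths to unveil for FONTCONFIG_FILE, FONTCONFIG_PATH (assumed ':'-separated) and XDG. */
int fc_collect_paths(char list[][FC_PATH_LEN], const char *file, const char *path,
    const char *xdg, const char *home)
{
    int n = 0;
    if (file != NULL && file[0] == '/')
        n = fc_add(list, n, file, strlen(file), "");
    while (n >= 0 && path != NULL && *path != '\0') {
        size_t len = strcspn(path, ":");
        if (len > 0)            /* skip empty elements such as "::" */
            n = fc_add(list, n, path, len, "");
        path += len + (path[len] == ':');
    }
    if (xdg != NULL && xdg[0] == '/')
        n = fc_add(list, n, xdg, strlen(xdg), "/fontconfig");
    else if (home != NULL && home[0] == '/')
        n = fc_add(list, n, home, strlen(home), "/.config/fontconfig");
    return n;
}

/* Read the environment, then unveil each path read-only (OpenBSD only). */
int fc_unveil_from_env(void)
{
    static char list[FC_MAX_PATHS][FC_PATH_LEN];
    int n = fc_collect_paths(list, getenv("FONTCONFIG_FILE"),
        getenv("FONTCONFIG_PATH"), getenv("XDG_CONFIG_HOME"), getenv("HOME"));
#ifdef __OpenBSD__
    for (int i = 0; i < n; i++)
        if (unveil(list[i], "r") == -1 && errno != ENOENT)
            return -1;  /* fail closed: do not run with a partial view */
#endif
    return n;
}
```

Font directories and the cache directory named inside the configuration file itself are not covered here and would need the same treatment.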
