Hi George,

It's a well-known fact that the TrueType engine has been placed in the Windows kernel since NT 4 (more precisely, it's in the file WIN32K.SYS, which is the kernel-mode driver of the Win32 sub-system).

There is thus a _real_ risk that on this system, a buggy font may crash your system. You can also envision a virus writer writing some malware font if some buffer overflows can be exploited in the engine or the VM bytecode interpreter.

It's then conceptually possible to imagine a similar font file designed to take ownership of your X server or other applications that happen to use FreeType (e.g. nearly anything that displays AA text) on Linux. That is, if a security hole is found in the engine. If these apps are run as root with all privileges, this could be a problem too.

But, as you rightly pointed out, digital signatures do not offer any credible protection to the buggy and malware problems. What's worse is that they provide a _false_ sense of security. What a joke!

My opinion is that the DSIG table is the brain-child of DRM-obsessed managers at Microsoft Typography (or above), who don't understand much regarding security. If digital signatures are not mandatory _and_ used with non-reversible encryption, they're simply useless. Don't even bother to waste your time on these things.

Regards,

- David Turner
- The FreeType Project (www.freetype.org)

> There has been an argument running on the OpenType list about Digital
> signatures.
>
> I must confess I fail to understand the need for them on a linux/unix
> platform. Perhaps someone can illuminate me, or perhaps linux/unix is
> different enough from Windows/Mac that font validation isn't as
> important.
>
> As I understand it, the Digital signature says that someone (who has at
> one time been in some sense verified to exist) says the font is ok. But
> it does not say the font has been validated or anything useful, just
> that someone thought it was ok. (It doesn't even say that the someone
> wasn't a virus-writer ten years ago when the certificate was obtained
> who has since moved on from the original location)
>
> First of all that seems a very weak form of protection.
>
> Secondly I don't really understand what damage a font can do to my
> system. The worst I can think of is
> a) crash the X server
> b) send pango into an infinite loop.
> To me neither of these seems all that worrying.
>
> I don't see how a bad font can have any real effect on the integrity of
> my system.
>
> Perhaps this is more of an issue on a system like the Mac where the
> system can't come up in a non-windowing mode. So if the font used for
> the menu is corrupt you are screwed.
>
> Am I missing something?
>
> _______________________________________________
> Freetype-devel mailing list
> [email protected]
> http://lists.nongnu.org/mailman/listinfo/freetype-devel
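As an added illustration of the point made in the thread, and not code from the original post or from FreeType: a DSIG table is just one more entry in the sfnt table directory, so its presence says nothing about whether the font is structurally safe to parse. The checker below validates every table record against the file bounds before any table would be read, and reports DSIG merely as a flag. The two sample fonts are constructed inline; the corrupt one has a length field that points past the end of the file.

```python
import struct

SFNT_HEADER = struct.Struct(">IHHHH")    # sfntVersion, numTables, searchRange, entrySelector, rangeShift
TABLE_RECORD = struct.Struct(">4sIII")   # tag, checkSum, offset, length


def read_table_directory(data):
    """Parse the sfnt table directory, collecting records that point outside the file."""
    if len(data) < SFNT_HEADER.size:
        raise ValueError("truncated sfnt header")
    version, num_tables, _, _, _ = SFNT_HEADER.unpack_from(data, 0)
    if version not in (0x00010000, 0x74727565):  # 0x00010000 or 'true' (Apple)
        raise ValueError("not a TrueType sfnt: version 0x%08x" % version)
    dir_end = SFNT_HEADER.size + num_tables * TABLE_RECORD.size
    if dir_end > len(data):
        raise ValueError("numTables=%d overruns the file" % num_tables)
    tables, problems = {}, []
    for i in range(num_tables):
        tag, _csum, offset, length = TABLE_RECORD.unpack_from(
            data, SFNT_HEADER.size + i * TABLE_RECORD.size)
        name = tag.decode("latin-1")
        # A table must lie after the directory and end inside the file.
        if offset < dir_end or offset + length > len(data):
            problems.append("%s: offset %d length %d outside file of %d bytes"
                            % (name, offset, length, len(data)))
        tables[name] = (offset, length)
    return tables, problems


def audit_font(data):
    """Report whether a DSIG table is present and which table records are out of bounds."""
    tables, problems = read_table_directory(data)
    return {"signed": "DSIG" in tables, "problems": problems}


def build_font(records):
    """Construct a minimal sfnt from (tag, payload) pairs, payloads placed after the directory."""
    n = len(records)
    header = SFNT_HEADER.pack(0x00010000, n, 0, 0, 0)
    offset = SFNT_HEADER.size + n * TABLE_RECORD.size
    directory, body = b"", b""
    for tag, payload in records:
        directory += TABLE_RECORD.pack(tag, 0, offset, len(payload))
        body += payload
        offset += len(payload)
    return header + directory + body


# Constructed samples: a sane font carrying a DSIG table, and a copy whose 'glyf'
# length field is corrupt (the record's length is the 4th field, 12 bytes into it).
GOOD_FONT = build_font([(b"DSIG", b"\0" * 8), (b"glyf", b"\x11" * 16)])
BAD_FONT = bytearray(GOOD_FONT)
struct.pack_into(">I", BAD_FONT, SFNT_HEADER.size + TABLE_RECORD.size + 12, 0x7FFFFFFF)
BAD_FONT = bytes(BAD_FONT)
```

Both samples report `signed: True`; only the bounds check tells them apart.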
