Around 20 o'clock on Sep 6, Brian Stell wrote:
> > Well, the app better have some way of getting root access.
>
> Root access for apps the handle large amounts of external data
> and programs (java/javascripts) like Mozilla? This sounds like
> a security problem.
No, I suggest that the font installer which modifies shared configuration
be a system administrative tool instead of a user application.
User-specific font installation could remain a part of the user
application. We might also consider how to make it convenient for
other users to share these "unauthorized" fonts.
> A font worm would need to find a hole thru FreeType. Probably do
> able but I worry far more about about a direct attach via rpms.
I wouldn't be surprised if there were buffer overflow attacks possible with
current Xft/FreeType2/Pango/Qt/Render bits; any time general users can make
root read complex files raises the possibility of such errors. Far better
to allow paranoid admins comfort in the immutability of their environment
by average users.
[EMAIL PROTECTED] XFree86 Core Team SuSE, Inc.
_______________________________________________
Render mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/render
