RE: [ft-devel] Digital signatures
From: Turner, David
Subject: RE: [ft-devel] Digital signatures
Date: Thu, 25 Aug 2005 17:18:11 +0200
Hi George,
It's a well-known fact that the TrueType engine is placed in the Windows
kernel since NT 4 (more precisely, it's in the file WIN32K.SYS, which
is the kernel-mode driver of the Win32 sub-system).
There is thus a _real_ risk that on this system, a buggy font may crash
your system. You can also envision a virus writer writing some malware
font if some buffer overflows can be exploited in the engine or the
VM Bytecode interpreter.
It's then conceptually possible to imagine a similar font file designed
to take ownership of your X server or other applications that happen to
use FreeType (e.g. nearly anything that displays AA text) on Linux. That is,
if a security hole is found in the engine. If these apps are run as root
with all privileges, this could be a problem too.
But, as you rightly pointed out, digital signatures do not offer any
credible protection to the buggy and malware problems. What's worse is
that they provide a _false_ sense of security. What a joke!
My opinion is that the DSIG table is the brain-child of DRM-obsessed
managers at Microsoft Typography (or above), who don't understand much
about security.
If digital signatures are not mandatory _and_ used with non-reversible
encryption, they're simply useless.
Don't even bother to lose your time on these things.
Regards,
- David Turner
- The FreeType Project (www.freetype.org)
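An added illustration of the point above, constructed for this page and not code from FreeType or from the Windows engine: a font rasterizer has to bounds-check every offset and length in the sfnt table directory before it trusts anything in the file, and a DSIG record sitting in that same directory says nothing about whether those numbers are sane. The 52-byte sample file, its `head` and `DSIG` records, and the helper names (`naive_fits`, `sfnt_check_directory`, `sample_status`) are all assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not FreeType or Windows code: a minimal walker over
 * the sfnt (TrueType/OpenType) table directory showing the bounds checks an
 * engine needs before trusting any offset in the file, and that a DSIG
 * record is just another table entry: it is found whether or not the rest
 * of the directory is sane. */

#define SFNT_HEADER_LEN  12u  /* sfntVersion, numTables, searchRange, entrySelector, rangeShift */
#define TABLE_RECORD_LEN 16u  /* tag, checkSum, offset, length */
#define SAMPLE_LEN       52u  /* header + 2 records + 8 bytes of payload */

enum sfnt_status { SFNT_OK = 0, SFNT_TRUNCATED = 1, SFNT_BAD_TABLE = 2 };

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* The tempting one-liner: off + tlen is computed in 32 bits and wraps, so a
 * huge length can slip past the check and later drive an out-of-bounds read.
 * Kept only to show the failure mode; the checker below never uses it. */
int naive_fits(uint32_t off, uint32_t tlen, size_t len)
{
    return (off + tlen) <= len;
}

/* Walks every table record, reports the worst problem found, and flags
 * whether a DSIG record exists, independently of the file being sane. */
int sfnt_check_directory(const uint8_t *buf, size_t len, int *has_dsig)
{
    int status = SFNT_OK;
    if (has_dsig) *has_dsig = 0;
    if (len < SFNT_HEADER_LEN) return SFNT_TRUNCATED;

    uint16_t num_tables = rd16(buf + 4);
    /* Division form cannot overflow, unlike 12 + 16 * numTables. */
    if (num_tables > (len - SFNT_HEADER_LEN) / TABLE_RECORD_LEN) return SFNT_TRUNCATED;

    for (uint16_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = buf + SFNT_HEADER_LEN + (size_t)i * TABLE_RECORD_LEN;
        uint32_t off  = rd32(rec + 8);
        uint32_t tlen = rd32(rec + 12);
        if (has_dsig && memcmp(rec, "DSIG", 4) == 0) *has_dsig = 1;
        /* Two comparisons: the sum is never formed, so it cannot wrap. */
        if (off > len || tlen > len - off) status = SFNT_BAD_TABLE;
    }
    return status;
}

/* Builds the constructed sample: 'head' at offset 44 with a caller-chosen
 * length (so a bogus value can be planted), 'DSIG' at offset 48, 4 bytes. */
size_t build_sample_font(uint8_t *out, uint32_t head_len)
{
    memset(out, 0, SAMPLE_LEN);
    out[1] = 0x01;                       /* sfntVersion 0x00010000 */
    out[5] = 2;                          /* numTables = 2 */
    uint8_t *head = out + SFNT_HEADER_LEN;
    uint8_t *dsig = head + TABLE_RECORD_LEN;
    memcpy(head, "head", 4); wr32(head + 8, 44); wr32(head + 12, head_len);
    memcpy(dsig, "DSIG", 4); wr32(dsig + 8, 48); wr32(dsig + 12, 4);
    return SAMPLE_LEN;
}

/* Status of the sample file for a given 'head' length. */
int sample_status(uint32_t head_len)
{
    uint8_t f[SAMPLE_LEN];
    return sfnt_check_directory(f, build_sample_font(f, head_len), NULL);
}

/* Whether the sample file carries a DSIG record, for the same 'head' length. */
int sample_has_dsig(uint32_t head_len)
{
    uint8_t f[SAMPLE_LEN];
    int d;
    sfnt_check_directory(f, build_sample_font(f, head_len), &d);
    return d;
}

int main(void)
{
    printf("well-formed: status=%d dsig=%d\n", sample_status(4), sample_has_dsig(4));
    printf("bogus head:  status=%d dsig=%d\n",
           sample_status(0xFFFFFFFFu), sample_has_dsig(0xFFFFFFFFu));
    printf("naive check accepts off=44 len=0xFFFFFFFF in 52 bytes: %d\n",
           naive_fits(44, 0xFFFFFFFFu, 52));
    return 0;
}
```

The second sample is byte-for-byte the signed-looking file with one length field changed; the checker still reports the DSIG record while rejecting the directory, which is the separation between "someone signed this" and "this is safe to parse" that the message is about.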
> There has been an argument running on the OpenType list about Digital
> signatures.
>
> I must confess I fail to understand the need for them on a linux/unix
> platform. Perhaps someone can illuminate me, or perhaps linux/unix is
> different enough from Windows/Mac that font validation isn't as
> important.
>
> As I understand it, the Digital signature says that someone (who has at
> one time been in some sense verified to exist) says the font is ok. But
> it does not say the font has been validated or anything useful, just
> that someone thought it was ok. (It doesn't even say that the someone
> wasn't a virus-writer ten years ago when the certificate was obtained
> who has since moved on from the original location)
>
> First of all that seems a very weak form of protection.
>
> Secondly I don't really understand what damage a font can do to my
> system. The worst I can think of is
> a) crash the X server
> b) send pango into an infinite loop.
> To me neither of these seems all that worrying.
>
> I don't see how a bad font can have any real effect on the integrity of
> my system.
>
> Perhaps this is more of an issue on a system like the Mac where the
> system can't come up in a non-windowing mode. So if the font used for
> the menu is corrupt you are screwed.
>
> Am I missing something?
> _______________________________________________
> Freetype-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/freetype-devel