[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] Digital signatures
|
From: |
Rogier van Dalen |
|
Subject: |
Re: [ft-devel] Digital signatures |
|
Date: |
Fri, 26 Aug 2005 11:00:45 +0200 |
On 8/26/05, Antoine Leca <address@hidden> wrote:
> DSIG is a MS thing, and they have (thanks to the monolithic architecture
> which integrates the GUI with the kernel, while targetting both workstations
> and servers) to think about these issues.
>
>
> > I don't see how a bad font can have any real effect on the integrity
> > of my system.
>
> Right now, neither am I. However it seems that in security, paranoia is a
> needed skill.
I have actually been able to crash Windows 2000 a few times while
playing with TrueType instructions. Though I'd be the first to say
Microsoft had better fix their interpreter, there may be other
problems. I think it may be possible to construct GSUB or GPOS tables
that do weird things; I think glyphs with points that are wildly out
of bounds may cause massive memory allocation on some systems.
The digital signature seems a manager solution to a technical problem.
How paranoid must we be about security problems? I seem to remember
talk about testing FreeType on randomly corrupted fonts; has any work
on this been done?
Regards,
Rogier