tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Fonts for console/fb for various locales: a proposal
On Mon, Sep 30, 2019 at 02:46:41AM -0400, Michael wrote:
> Hello,
>
> On Sun, 29 Sep 2019 18:02:14 -0400
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>
> > On Sat, Sep 28, 2019 at 02:39:19PM +0200, tlaronde%polynum.com@localhost wrote:
> > >
> > > 4. Rasterizing (c). This is the whole purpose of METAFONT. METAFONT is a
> > > rasterizer.
> >
> > Rasterization of vector fonts by privileged code has been a major source
> > of security holes in other operating systems. Does the very limited
> > benefit really justify the risk?
>
> We already have support for alpha fonts, which are rasterized vector
> fonts. On most supported hardware you can take a truetype font, feed it
> to a utility found in xsrc/local/programs/ttf2wsfont to generate a
> rendering in whatever size you specify, and load that into a wsdisplay.
> There's also something to directly load BDF fonts.
> Caveat: it's the user's responsibility to make sure the font is
> suitable for console use, as in, monospace or at least not excessively
> proportional.
>
As for my proposal---not discussing METAFONT as a security risk, even
if, due to the way it is programmed, seems very unlikely---the rasterization
would be done once, by a user, not privileged, to obtain the bitmap
fonts. It is not supposed to be done on the fly: it is a way to build
suitable bitmap fonts, on whatever size, assembling or combining glyphes
in whatever order to have a font for whatever locale.
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Home |
Main Index |
Thread Index |
Old Index