Safari 3.1 and font support

Posted by Scott Laird Wed, 19 Mar 2008 01:19:00 GMT

So, one of the features that’s been in the WebKit tree for a while but finally showed up in Safari today is downloadable font support. You can use CSS to apply a specific font to an element and Safari will download the font from a URL provided.

That’s really cool, but the odds of an exploitable buffer overflow somewhere in the font rendering pipeline have to be almost 100%. I mean, almost every graphics format has had multiple exploitable bugs on every platform, and I can’t see how a complete OpenType renderer can be any less complex than JPEG. Even worse, this is a new attack vector, against a part of the system that wasn’t part of the security perimeter before. Is there a way to turn this off?
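For readers who have not seen the feature, this is the CSS mechanism the post is talking about: a `@font-face` rule names a font and points at a file, and any element styled with that family makes the browser fetch and parse the file. The snippet is an added illustration, not code from the original post; the font name, URL and selector are placeholders.

```css
/* Added illustration of downloadable fonts; not from the original post.
   The font family name and the URL are placeholders. */
@font-face {
  font-family: "ExampleWebFont";
  src: url("https://example.invalid/fonts/ExampleWebFont.otf") format("opentype");
}

/* The first time an element matched by this rule is rendered, the browser
   downloads the OpenType file above and hands it to the font parser. The
   local fallbacks after the web font keep the text readable if the download
   fails or the font is blocked. */
h1.headline {
  font-family: "ExampleWebFont", Georgia, serif;
}
```

The security-relevant point is that the file being parsed comes from whatever server the page author chose, so the OpenType parser becomes reachable from any site the user visits.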


Comments

  1. Sebastian said 1 day later:

    Nice post!

  2. Kamilion said about 1 month later:

    Heh, the standard soft-mod technique on the old original Microsoft X-boxes used a nice little buffer overflow in their font loader routines.

    Take a look here for a bit more, if you’re interested. http://en.wikipedia.org/wiki/Softmod

    And thanks for the ZFS fileserver idea, I’m now hacking around with opensolaris myself!
