[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#234535: xserver dies if I start gimp with LANG=no_NO.UTF-8

tag 234535 = upstream security help
retitle 234535 xserver-xfree86: X server can be crashed by xfstt font server (DoS attack)
severity 234535 important

On Wed, Apr 28, 2004 at 03:47:54PM +0200, Helge Hafting wrote:
> Michel Dänzer wrote:
> >On Wed, 2004-04-28 at 12:04, Helge Hafting wrote:
> >>I don't know if xfstt does something wrong, but X shouldn't really crash
> >>even if xfstt is wrong. One cannot trust font servers to be nice - they 
> >>may be external after all.
> >
> >True, but if it only happens with xfstt, there might be little incentive
> >to fix this.
> Sure, if an obsolete xfstt is the only problem server.

I still think there is a DoS attack here, and I think it's worth trying
to track the problem down.

Keith, do you know off the top of your head where me might look for
trouble if the X server is connected to a misbehaving font server?

G. Branden Robinson                |    If I recall correctly, devfs went
Debian GNU/Linux                   |    straight from being marked as
branden@debian.org                 |    EXPERIMENTAL to OBSOLETE in the
http://people.debian.org/~branden/ |    kernel config.     -- Tore Anderson

Attachment: signature.asc
Description: Digital signature

Reply to: