Branden Robinson wrote:
tag 234535 = upstream security help
retitle 234535 xserver-xfree86: X server can be crashed by xfstt font server (DoS attack)
severity 234535 important
thanks
On Wed, Apr 28, 2004 at 03:47:54PM +0200, Helge Hafting wrote:
Michel Dänzer wrote:
On Wed, 2004-04-28 at 12:04, Helge Hafting wrote:
I don't know if xfstt does something wrong, but X shouldn't really crash even if xfstt is wrong. One cannot trust font servers to be nice - they may be external after all.
True, but if it only happens with xfstt, there might be little incentive to fix this.
Sure, if an obsolete xfstt is the only problem server.
Bad news. Yesterday I installed the xfs-xtt package at home. (That's the one for using xfs with truetype, right?) I started an X that used xfs-xtt only (no plain xfs, no xfstt). I got all my fonts, including truetype, this way. I also got the crash back. :-( Please tell if there is some other preferred way of getting truetype fonts.
I still think there is a DoS attack here, and I think it's worth trying to track the problem down.
I'll make a new attempt with the debug server; it ought to work fine as soon as the DRI-free kernel finishes compiling.
Helge Hafting
Keith, do you know off the top of your head where we might look for trouble if the X server is connected to a misbehaving font server?