Tom <tom@lemuria.org> wrote: > > Is this really a mozilla bug? > It's a bug in X that becomes remote-exploitable through mozilla. Ack. If X can be crashed by an application, X is at fault. We all know, that there are "legal" ways to make X unuseable (xlock e.g.), but actually crashing the X server should never happen, as a faulty application may cause data loss in correct applications this way. Not what we expect in a Unix environment. > > (a) Fix every app to disallow font sizes bigger then <maxvalue> > > (b) Fix XFS to return an error code to the calling application > > when requested font size is greater then configured <maxvalue> > > Personally i would go for b. > Personally, I would go for both, with a limitation on a, namely that > apps that accept remote data (i.e. mozilla) should definitely do some > checking on that data before handing it to the local system (i.e. X). Right. Applications that accept untrusted data have a special responsibility to canonicalize them in order to protect the underlying system from the possible side effects. No matter if the underlying system _should_ be able to cope with them. However that does not mean, the bug in the lower layers may remain there. Also note, that - as I already reported to Tom in PM - not all X servers are affected. I tested the example sites using Mozilla 1.0RC2 on an XGGI server which is based on rather old X-consortium code IIRC and the expected effects did not show up. CU, Andy -- Andreas Beck | Email : <becka@uni-duesseldorf.de>
