Can a font blob contain code that spies?
by Ulysses_ from LinuxQuestions.org on (#4YN43)
Listing blobs with vrms in my favorite distro outputs this:

Non-free packages installed on peppermint

  amd64-microcode          Processor microcode firmware for AMD CPUs
  fonts-ubuntu             sans-serif font set from Ubuntu
  intel-microcode          Processor microcode firmware for Intel CPUs
  nemo-dropbox             Dropbox integration for Nemo
  ttf-ubuntu-font-family   sans-serif font set from Ubuntu (transitional package)

Contrib packages installed on peppermint

  flashplugin-installer    Adobe Flash Player plugin installer
  iucode-tool              Intel processor microcode tool

Can font packages such as those in bold facilitate invasions of privacy or even complete take-over of the system? Or is the job of rendering fonts with hints done in a limited language that cannot execute arbitrary code? Or the latter is true but the package does not only contain font rendering instructions but also native binaries that can do whatever they want?

