Follow-up Comment #11, bug #64577 (project groff):

I decided to tidy up the Type 1 fonts and put all the pfa, pfb, and ps
files into /usr/local/share/fonts/Type1, which is where X11 (and numerous
other applications) expect to find them.

[These path names are FreeBSD specific, but Linux will be analogous.]

Everything went fine until I started firefox. It went to 100% CPU. So I tried
chrome, and iridium, all with the same result.

Truss showed that they were stuck in an infinite loop repeatedly traversing
the devps "directory" (/usr/local/share/fonts/Type1/devps -> .). It seems that
these web browsers can't handle a self-referential symlink.

Luckily I provide Type 1 fonts to groff in "ps" format, and I can put them
back into a separate directory, not used by web browsers.  So I can call it
"devps" or I can add the "devps -> ." symlink.

But, I expect that many users will want groff to be able to use pfa fonts also
used by X11 applications like web browsers.  The "devps -> ." hack won't work
for them.

Nobody will want to keep a separate copy of Type 1 fonts just for the sole use
of groff.

I understand you have a security issue.  May I suggest you review the meaning
of GROFF_FONT_PATH and its requirement to contain a directory named "devps".
Maybe consider looking at ghostscript's GS_LIB (either a single directory or a
list of directories separated by a character appropriate for the operating
system) as a starting point model?


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?64577>
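
The traversal loop described in the comment above, as an added example that is not part of the original comment and is not code from groff or any browser: a font-directory walker that follows symlinks but enters each real directory only once, keyed on device and inode, so a "devps -> ." link is skipped instead of recursed into. The function name `find_font_files` and the file names in the sample layout are assumptions constructed for illustration.

```python
import os
import tempfile


def find_font_files(root, exts=(".pfa", ".pfb", ".ps")):
    """Walk root following symlinks, entering each real directory once."""
    seen = set()    # (st_dev, st_ino) of directories already entered
    skipped = []    # paths that resolved to an already-entered directory
    fonts = []
    stack = [root]
    while stack:
        path = stack.pop()
        st = os.stat(path)                # os.stat follows symlinks
        key = (st.st_dev, st.st_ino)
        if key in seen:
            # Same directory reached again, e.g. through "devps -> .".
            # Without this check the walk never terminates.
            skipped.append(path)
            continue
        seen.add(key)
        with os.scandir(path) as entries:
            for entry in entries:
                if entry.is_dir(follow_symlinks=True):
                    stack.append(entry.path)
                elif entry.name.lower().endswith(exts):
                    fonts.append(entry.path)
    return sorted(fonts), skipped


def demo():
    # Constructed layout mirroring the comment: Type1/ holding font files
    # plus a self-referential "devps -> ." symlink.
    with tempfile.TemporaryDirectory() as tmp:
        type1 = os.path.join(tmp, "Type1")
        os.mkdir(type1)
        for name in ("a.pfa", "b.pfb", "README"):
            open(os.path.join(type1, name), "w").close()
        os.symlink(".", os.path.join(type1, "devps"))
        fonts, skipped = find_font_files(type1)
        return ([os.path.relpath(p, type1) for p in fonts],
                [os.path.relpath(p, type1) for p in skipped])


if __name__ == "__main__":
    print(demo())
```
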
