On Tue, Feb 19, 2019 at 2:27 AM Werner LEMBERG <[email protected]> wrote:
>
> > We're a group of researchers from the University of California,
> > Riverside. We recently discovered that the outline processing (font
> > translation/decomposition) subroutine in FreeType version 2.9.1
> > takes a variable amount of time depending on which character is to be
> > rendered. As a result, an unprivileged attacker could potentially
> > utilize a flush+reload cache side-channel attack to measure the
> > execution time of said subroutine to infer user input. Although in
> > most applications this subroutine is performed only once for each
> > character of the same font type, we found that for some applications
> > this is enough for an attacker to extract sensitive information.
> >
> > For detailed information please refer to our paper in the link
> > below. We would be very happy to work with you to address this
> > issue. Please let us know what you think.
> >
> > https://www.cs.ucr.edu/~zhiyunq/pub/ndss19_cache_keystrokes.pdf
>
> Thanks for bringing this to our attention. Glyph rendering is a
> time-consuming process; making the rendering time of all glyphs equal is
> definitely a no-go IMHO, since it would make FreeType far too slow.
>
> What I could imagine, however, is to add some random fuzz so that the
> rendering time varies by an additional value N (with N to be set by
> the library user). I can imagine that this would sufficiently reduce
> the repeatability, making it much harder to execute the attack as
> described in your paper.
>
I don't think that belongs in FreeType.

--
behdad
http://behdad.org/
_______________________________________________
Freetype-devel mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/freetype-devel
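Added example, not code from FreeType or from either poster: a small Python model of the single-observation timing classifier that the reported attack relies on (the attacker profiles how long each glyph takes, then matches one observed time per keystroke to the nearest profile), with Werner's proposed uniform jitter of width N applied on top. The per-glyph costs and the "typed" string are constructed for illustration and are not measured FreeType timings; the model computes the exact probability that each keystroke is still identified from one observation, and cross-checks it with a seeded Monte Carlo run. It also models an attacker who knows N and subtracts N/2 before matching, which is the same as jitter drawn from U[-N/2, N/2).

```python
import random

# Constructed per-glyph "rendering cost" in arbitrary time units (think of
# cycles seen through a cache probe). These are illustrative numbers, NOT
# measured FreeType timings; all the model needs is that different glyphs
# cost different, repeatable amounts of time to process.
GLYPH_COST = {
    "i": 100, "l": 110, "t": 130, "e": 160,
    "a": 180, "o": 200, "g": 250, "m": 300,
}


def templates():
    """Attacker's offline profile: (cost, glyph) pairs sorted by cost."""
    return sorted((c, g) for g, c in GLYPH_COST.items())


def guess_glyph(observed):
    """Nearest-template matching: the glyph whose profiled cost is closest."""
    return min(templates(), key=lambda cg: abs(cg[0] - observed))[1]


def decision_window(glyph):
    """Interval of observed times for which guess_glyph() returns `glyph`:
    bounded by the midpoints to the neighbouring templates."""
    temps = templates()
    idx = next(i for i, (_, g) in enumerate(temps) if g == glyph)
    lo = float("-inf") if idx == 0 else (temps[idx - 1][0] + temps[idx][0]) / 2
    hi = float("inf") if idx == len(temps) - 1 else (temps[idx][0] + temps[idx + 1][0]) / 2
    return lo, hi


def p_correct(glyph, jitter_lo, jitter_hi):
    """Exact probability that ONE observation of `glyph` is classified
    correctly when the renderer adds uniform jitter u ~ U[jitter_lo, jitter_hi).
    Werner's "additional value N" is U[0, N); an attacker who knows N and
    subtracts N/2 from every observation effectively sees U[-N/2, N/2)."""
    cost = GLYPH_COST[glyph]
    if jitter_hi <= jitter_lo:        # no jitter: exact time, always correct
        return 1.0
    win_lo, win_hi = decision_window(glyph)
    overlap = max(0.0, min(cost + jitter_hi, win_hi) - max(cost + jitter_lo, win_lo))
    return overlap / (jitter_hi - jitter_lo)


def expected_accuracy(secret, jitter_lo, jitter_hi):
    """Mean per-keystroke recovery probability over a typed string."""
    return sum(p_correct(g, jitter_lo, jitter_hi) for g in secret) / len(secret)


def simulate_attack(secret, jitter_lo, jitter_hi, seed=1, trials=2000):
    """Monte Carlo cross-check: one timing observation per keystroke, as in
    the 'rendered once per character' setting the report describes."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        for g in secret:
            observed = GLYPH_COST[g] + rng.uniform(jitter_lo, jitter_hi)
            hits += guess_glyph(observed) == g
    return hits / (trials * len(secret))


if __name__ == "__main__":
    secret = "teagloam"   # constructed "typed" input, glyphs from GLYPH_COST
    for lo, hi in [(0, 0), (0, 20), (0, 60), (-10, 10), (-30, 30)]:
        print(f"jitter U[{lo:>4},{hi:>3}):  expected {expected_accuracy(secret, lo, hi):.3f}"
              f"  simulated {simulate_attack(secret, lo, hi):.3f}")
```

The numbers that come out depend entirely on how N compares with the gaps between glyph timings: jitter narrower than half the gap to the next glyph leaves that keystroke fully recoverable, jitter several times the total spread pushes accuracy towards random guessing, and an attacker who can estimate N recovers part of the loss by centering. The model gives the attacker one observation per keystroke; if an application renders the same glyph repeatedly, repeated observations can be averaged, which this single-sample model does not capture.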
