The very fact that environment variables can be dangerous proves that they are used by the libraries chromium depends on; otherwise it wouldn't be dangerous. Using files instead of environment variables wouldn't be less dangerous. It would be even more dangerous because it is relatively easy to have a list of safe variables; rogue config files cannot be unset so easily.
Also, configuring a library via variables is not common; the normal way is for the library to provide an API, and you then make API calls from your application. Or the library reads configuration from a specific file or database. Or both - that's how fontconfig works, for example: it parses XML files from /etc/fonts and ~/.config/fontconfig and there's also an API.
Actually, I'd argue that the real problem is freetype using configuration via environment variables.
Chromium's "problem" isn't with FREETYPE_PROPERTIES at all, it's that for security reasons it doesn't access *any* variables, not just this particular one. But that's a feature, not a "problem", hence my use of the quotes and why the Chromium bug was initially closed as WontFix.
I will qualify it as a bug nevertheless; the Freetype library uses some environment variables for its configuration, which is quite usual for a library (there are plenty of environment variables that can be set for the 3D mesa library, for example). If Chromium wants to use it, it should use it properly. I don't consider that font rendering is a minor issue for a browser. The main purpose of a browser is still to render text.
As @olive said, "The real problem is that chrome/chromium do not respect FREETYPE_PROPERTIES".
Actually, I'd argue that the real problem is freetype using configuration via environment variables.
Chromium's "problem" isn't with FREETYPE_PROPERTIES at all, it's that for security reasons it doesn't access *any* variables, not just this particular one. But that's a feature, not a "problem", hence my use of the quotes and why the Chromium bug was initially closed as WontFix.
As @olive said, "The real problem is that chrome/chromium do not respect FREETYPE_PROPERTIES".
This is just wrong. Try it, set CONFIG_USER_NS=y and start chromium with --no-sandbox and open chrome://sandbox/.
First of all, you use "--no-sandbox" to launch chromium, so besides turning off sandbox functions, what else do you suppose chromium would do? Turn on sandbox functions?
Second, I guess maybe I didn't make myself clear when I mentioned "disable sandbox" in the answer to @olive.
The "disable sandbox" does not mean turning off sandbox functions with the option "--no-sandbox" when running chromium. It means removing the SUID sandbox feature when compiling chromium.
On a CONFIG_USER_NS=n kernel, if you remove the SUID sandbox feature when compiling, then you'll get a chromium which really doesn't have any sandbox feature at all. No security.
On a CONFIG_USER_NS=y kernel, even if you remove the SUID sandbox feature when compiling, you'll still get a chromium which has another sandbox feature enabled, the "Namespace sandbox".
So when you open "chrome://sandbox" on a chromium which has the SUID sandbox feature compiled in, you'd see
SUID Sandbox Yes
and if CONFIG_USER_NS=y, you'd see
Namespace Sandbox Yes
and if you use "--no-sandbox" to run chromium (regardless of whether the SUID sandbox is compiled in or not, and whether CONFIG_USER_NS is set or not), you'd see
SUID Sandbox No
Namespace Sandbox No
P.S. We've gone far from the OP, so please stop in this thread. If you want to continue, please send a message to me.
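A host check for the three conditions this post distinguishes, as an added example that is not part of the original thread: it reads CONFIG_USER_NS from a kernel config file, tests a sandbox helper binary for the set-user-ID bit, and lists processes started with --no-sandbox. The function names and the file paths passed in are assumptions; the helper's install path and the location of the kernel config vary by distribution.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are supplied by the caller.

# userns_state FILE: print y, n or unknown for CONFIG_USER_NS in a kernel
# config file (plain text, or gzip such as /proc/config.gz).
userns_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $1 in
        *.gz) reader='gzip -dc' ;;
        *)    reader=cat ;;
    esac
    # A disabled option appears as "# CONFIG_USER_NS is not set" or is absent.
    if $reader "$1" | grep -qx 'CONFIG_USER_NS=y'; then echo y; else echo n; fi
}

# suid_helper_state FILE: print yes if FILE exists with the set-user-ID bit,
# which is what makes a SUID sandbox helper usable.
suid_helper_state() {
    if [ -u "$1" ]; then echo yes; else echo no; fi
}

# no_sandbox_pids [PROCROOT]: print the PIDs whose command line contains the
# exact argument --no-sandbox. cmdline is NUL-separated, so split on NUL and
# match whole arguments; a substring inside another argument does not count.
no_sandbox_pids() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if tr '\0' '\n' < "$f" | grep -qx -- '--no-sandbox'; then
            pid=${f%/cmdline}
            echo "${pid##*/}"
        fi
    done
}

# report CONFIG HELPER: summary of all three checks for the running host.
report() {
    echo "CONFIG_USER_NS:     $(userns_state "$1")"
    echo "SUID helper bit:    $(suid_helper_state "$2")"
    echo "--no-sandbox PIDs:  $(no_sandbox_pids /proc | tr '\n' ' ')"
}
```

Call `report` with the kernel config file and the helper path for your system; any PID it lists is a process running with the sandbox switched off on the command line.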
I know Arch doesn't have this option, which doesn't change the truth that chrome-sandbox is only needed on CONFIG_USER_NS=n kernels.
This is just wrong. Try it, set CONFIG_USER_NS=y and start chromium with --no-sandbox and open chrome://sandbox/.
I read all of it. And your advice to disable major security features because it supposedly doesn't matter on a different distribution (i.e., not Arch) isn't helpful either.
I don't think you read all of it carefully. Where does it show that I advise disabling a major security feature? Please don't mislead other readers, and let's stop the meaningless argument.
I am talking to @olive, and he knows exactly what I am talking about, which you obviously don't.
As indicated in the OP and title, this thread is solely about the appearance of fonts in Chromium.
Reading the OP and title is not enough to join in a thread. You are supposed to read all the posts of someone if you want to reply to him.
Arch does not have this option set in its kernels.
I know Arch doesn't have this option, which doesn't change the truth that chrome-sandbox is only needed on CONFIG_USER_NS=n kernels.
The chrome-sandbox is only needed on CONFIG_USER_NS=n kernels.
Arch does not have this option set in its kernels.
Disabling the chrome sandbox just for some fonts seems like an overly drastic measure... you might as well use a different browser then.
First, please don't garble, please read the whole topic from top to bottom. I disable chrome-sandbox not just for some fonts. I disable it to test if chrome can preserve all environment variables.
And second, which is important, chrome-sandbox is not necessary. Do you know that? The chrome-sandbox is only needed on CONFIG_USER_NS=n kernels.
My kernel is CONFIG_USER_NS=y, so I definitely can disable chrome-sandbox just for some fonts. It is not an overly drastic measure.