Re: Attack vectors through Unassigned Code Points in IDN

From: Clark Cox (clarkcox3@gmail.com)
Date: Wed Mar 18 2009 - 21:21:37 CST


    On Wed, Mar 18, 2009 at 7:17 PM, Chris Weber <chris@casabasecurity.com> wrote:
    > I've looked on three systems, two Macs - one is a colleague's, and one is my
    > wife's which I don't do any funky stuff on.  And on my Windows system, I
    > looked at these in 'all' available fonts I have.  Most of the fonts
    > installed showed empty whitespace, including Arial Unicode MS, Courier New,
    > Lucida Sans Unicode, and Everson Mono.  Some fonts, not many, showed boxes
    >
    > Do you know which font you used and could you try a few more on Mac?

    In this case, it doesn't matter...

    > How
    > does system and application configuration determine which font displays a
    > character when many fonts are capable?

    If the selected font doesn't contain a glyph for a particular
    character, the Mac will fall back to other fonts until it finds one
    that does. So, effectively, if the character is covered by *any* font
    installed on your Mac, it will be used. I presume that Windows does
    something similar.

    >
    > When you say you think I have a font installed incorrectly on these three
    > systems, do you mean the font is the problem or the way it's installed is
    > the problem?

    The font is likely the problem. That is, a font is claiming to cover a
    particular character, but just has an empty space for the glyph. Your
    OS sees that font, and trusts that the font is telling the truth, and
    so uses it to render that character.

    >
    > -Chris
    >
    >
    >
    >
    > -----Original Message-----
    > From: unicode-bounce@unicode.org [mailto:unicode-bounce@unicode.org] On
    > Behalf Of John H. Jenkins
    > Sent: Wednesday, March 18, 2009 3:54 PM
    > To: Unicode List
    > Subject: Re: Attack vectors through Unassigned Code Points in IDN
    >
    >
    > On Mar 18, 2009, at 4:23 PM, Chris Weber wrote:
    >
    >> My question is - why would these code point ranges U+115A..U+1160
    >> and U+11A3..U+11A7 render as white space in Mac and Windows?  This
    >> isn't just a product of Firefox, which I agree handles this poorly.
    >> In any application (e.g. notepad) they show as white space.   I
    >> would expect them to map to a box or other no-glyph-exists fallback.
    >>
    >
    > On my Mac they are not white space.  It looks like you have a font
    > installed that (incorrectly IMHO) uses a blank glyph to display them.
    >
    > =====
    > John H. Jenkins
    > jenkins@apple.com
    >
    >
    >
    >
    >
    >
    >

    -- 
    Clark S. Cox III
    clarkcox3@gmail.com
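
Added example, not part of the original thread: because a font can claim coverage and draw a blank glyph, this check inspects the code points of a label instead of relying on how they render. It assumes the Unicode 3.2 repertoire (RFC 3454 table A.1, exposed by Python's `stringprep` module) as the baseline for "unassigned"; the function names and the sample label are constructed for illustration.

```python
import stringprep
import unicodedata

# Ranges named in the thread as rendering blank on some systems.
THREAD_RANGES = [(0x115A, 0x1160), (0x11A3, 0x11A7)]


def is_unassigned_3_2(ch):
    """True if ch is unassigned in Unicode 3.2 (RFC 3454 table A.1)."""
    return stringprep.in_table_a1(ch)


def unassigned_in_label(label):
    """Return (index, 'U+XXXX') for every unassigned code point in label."""
    return [(i, f"U+{ord(ch):04X}")
            for i, ch in enumerate(label) if is_unassigned_3_2(ch)]


def safe_display(label):
    """Escape unassigned code points visibly so the result never depends
    on whichever font the OS falls back to."""
    return "".join(
        f"\\u{{{ord(ch):04X}}}" if is_unassigned_3_2(ch) else ch
        for ch in label
    )


def audit_ranges(ranges=THREAD_RANGES):
    """Per code point: (name, unassigned in 3.2?, category in this
    interpreter's own Unicode database, which varies by Python version)."""
    rows = []
    for lo, hi in ranges:
        for cp in range(lo, hi + 1):
            ch = chr(cp)
            rows.append((f"U+{cp:04X}", is_unassigned_3_2(ch),
                         unicodedata.category(ch)))
    return rows


if __name__ == "__main__":
    sample = "exam\u115aple"  # constructed label, not from the thread
    print("findings:", unassigned_in_label(sample))
    print("display :", safe_display(sample))
    for name, unassigned, current_cat in audit_ranges():
        print(name, "unassigned-in-3.2" if unassigned else "assigned-in-3.2",
              "current category:", current_cat)
```
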
    

