zlacker

[return to "Llama.ttf: A font which is also an LLM"]
1. electr+4e[view] [source] 2024-06-23 14:19:38
>>fugled+(OP)
While cool, technically… From a security perspective today I learned that TrueType fonts have arbitrary code execution as a ‘feature’ which seems mostly horrific.
◧◩
2. samwil+xe[view] [source] 2024-06-23 14:25:55
>>electr+4e
Not really, no more so than a random webpage running js/WASM in a sandbox.

The only output from the WASM is to draw to screen. There is no chance of a RCE, or data exfiltration.

◧◩◪
3. electr+ih[view] [source] 2024-06-23 14:51:55
>>samwil+xe
I’m open to your idea, but can you explain in technical terms why a wasm sandbox is invulnerable to the possibility of escape vulnerabilities when other flavors of sandboxes have not been?
[go to top]