Could a Snap package provide a font for other applications, system-wide, including non-Snap apps?
I was thinking about this use case recently. In short:
- a snap could provide a font to other snaps from the same publisher
- a snap could provide a font to all interested snap packages from any publisher assuming the store issues a proper snap declaration
- a snap cannot yet provide arbitrary content to the classic world.
That last use case was the most interesting to me.
In general the problem is two-fold:
- ensuring compatibility over time, I think we can mostly ignore it for fonts
- ensuring that the content from the snap world cannot attack the classic world
That last item is the most difficult to handle correctly because of historic data showing how crafted fonts, images, movies, sound clips and pretty much any other type of data can be used to break content parsers and cause arbitrary code execution. As a general advice from the security team we were suggesting providing a confined content filter / re-compressor that runs under confinement, gets to read from the file provided by a snap (e.g. the vanilla font file from the snap) and writes a sanitised version of the same content to a location managed by snapd. The distribution of content filters would be governed by snapd and store policy so we could reasonably introduce additional filters as we support more data types.