Bryan Steele 

#OpenBSD now runs fd.o #fontconfig fc-cache(1) utility as an unprivileged '_fc-cache' user, dropping root privileges at both build time & at runtime (pkg_add). 

bentley@ modified src/*: Change ownership of fontconfig cache to _fc-cache user.

ok kn@ deraadt@

bentley@ modified usr.sbin/pkg_add/OpenBSD/PackingElement.pm: When installing fonts, run fc-cache as the unprivileged _fc-cache user.

From espie; ok deraadt@

bentley@ modified xenocara/*: Don't perform font caching as root.

During build, run fc-cache as BUILDUSER.

When fc-cache is run as root, drop automatically to the _fc-cache user so /var/cache/fontconfig doesn't acquire root-owned files.

ok deraadt@

This nicely improves upon Anthony J. Bentley previous effort back in May, adding pledge(2) to fc-cache(1). 

bentley@ modified xenocara/dist/fontconfig/fc-cache/fc-cache.c: Call pledge(2) in fc-cache(1): "stdio rpath wpath cpath flock".

ok deraadt

Jul 13, 2025 at 3:16pmWeb