[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] pdf with tor




On 13-07-2015 10:10, Apple Apple wrote:
> On 13 Jul 2015 00:12, "Yuri" <yuri@rawbw.com> wrote:

> PostScript is something entirely unrelated. It is a way of describing the
> layout of documents with words, like a very early CSS or Latex. I remember
> claims about it being Turing complete but I think that this is in a similar
> spirit to C++ templates being Turing complete.

No, Postscript is a real programming language.

> I have doubts over whether
> it has enough IO capabilities to do anything malicious on its own.


Depends on the Postscript interpreter.


But there has been postscript vulnerabilities.

> You do raise an interesting point regarding embedded JavaScript inside PDF
> files which can also be used to exploit vulnerabilities in the viewer. Many
> PDF viewers will execute this code without the user even knowing about it.
> 
> If a PDF convertor ignores these embedded scripts then I think that is a
> definite bonus point for Niels' conversion strategy.


Yes, but I am not sure about that.

-- 
Niels Elgaard Larsen
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk