[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] pdf with tor
On 13-07-2015 10:10, Apple Apple wrote:
> On 13 Jul 2015 00:12, "Yuri" <firstname.lastname@example.org> wrote:
> PostScript is something entirely unrelated. It is a way of describing the
> layout of documents with words, like a very early CSS or Latex. I remember
> claims about it being Turing complete but I think that this is in a similar
> spirit to C++ templates being Turing complete.
No, Postscript is a real programming language.
> I have doubts over whether
> it has enough IO capabilities to do anything malicious on its own.
Depends on the Postscript interpreter.
But there has been postscript vulnerabilities.
> files which can also be used to exploit vulnerabilities in the viewer. Many
> PDF viewers will execute this code without the user even knowing about it.
> If a PDF convertor ignores these embedded scripts then I think that is a
> definite bonus point for Niels' conversion strategy.
Yes, but I am not sure about that.
Niels Elgaard Larsen
tor-talk mailing list - email@example.com
To unsubscribe or change other settings go to