[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] pdf with tor



On 13 Jul 2015 00:12, "Yuri" <yuri@rawbw.com> wrote:
> It is nothing inherently unsafe in pdf format itself, and any other
document formats aren't any safer. You probably confuse pdf and PostScript,
which is more like a programming language.

No I think we are definitely talking about PDF files in this thread.
History has shown that whenever there is any kind of non-trivial parsing
involved with an application then there is a high risk of exploitable bugs.

Just look at how many CVEs get posted against things like web browsers,
packet sniffers, document viewers. Even things like compression
implementations and XML parsers have the occasional vulnerability.

PDF parsers have it particularly bad since the PDF format specification is
very big and complex and controlled by a single organisation which is
desperately trying to retain market share by piling on new features.

PostScript is something entirely unrelated. It is a way of describing the
layout of documents with words, like a very early CSS or Latex. I remember
claims about it being Turing complete but I think that this is in a similar
spirit to C++ templates being Turing complete. I have doubts over whether
it has enough IO capabilities to do anything malicious on its own.

You do raise an interesting point regarding embedded JavaScript inside PDF
files which can also be used to exploit vulnerabilities in the viewer. Many
PDF viewers will execute this code without the user even knowing about it.

If a PDF convertor ignores these embedded scripts then I think that is a
definite bonus point for Niels' conversion strategy.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk