Re: pdf files in upstream tarball and -doc package
Alejandro Exojo <suy@badopi.org> wrote:
> El Viernes, 11 de Febrero de 2005 17:21, Jay Berkenbilt escribió:
>> That isn't to say that it is impossible to create a security hole
>> through a PDF file, but it's more comparable to html in that respect
>> than to PostScript. In other words, you could include a malicious
>> link or put invalid PDF data that would exploit a security hole in a
>> specific PDF viewer, but you can't actually embed malicious code.
>
> Really?
>
> http://lists.kde.org/?l=kde-core-devel&m=110470798901386&w=2
>
> I'm a PDF ignorant, so maybe I misunderstood something.
This article points to the fact that you can create a link in a PDF
that opens an application. This is the kind of thing I meant when I
said that a PDF could include a malicious link in the same way HTML
code could, though PDF can do it in a more generalized way. Since you
could embed the application "rm -rf /" in a PDF, I'll have to back off
a bit on my original point, so thanks for the correction.
The difference here though is that you could create a postscript file
that would remove files just by having you load it in ghostscript,
whereas the user would have to actually select a link in this example,
but in some ways, this is splitting hairs. It's certainly somewhat
more difficult to examine the target of the link in a PDF than in
HTML, but as the article you referenced points out, the viewer can
help with this.
Thanks for making this point in response to my message. I don't want
my message to lull anyone into a false sense of security -- you and
Martin are correct that it would be possible to create a PDF that has
damaging code in it in that sense. Sorry for the confusion.
--
Jay Berkenbilt <ejb@ql.org>
Reply to: