
Re: [tor-talk] pdf with tor

On 13-07-2015 10:10, Apple Apple wrote:
> On 13 Jul 2015 00:12, "Yuri" <yuri@xxxxxxxxx> wrote:

> PostScript is something entirely unrelated. It is a way of describing the
> layout of documents with words, like a very early CSS or LaTeX. I remember
> claims about it being Turing complete but I think that this is in a similar
> spirit to C++ templates being Turing complete.

No, PostScript is a real programming language.

> I have doubts over whether
> it has enough IO capabilities to do anything malicious on its own.

Depends on the PostScript interpreter.

But there have been PostScript vulnerabilities.

> You do raise an interesting point regarding embedded JavaScript inside PDF
> files which can also be used to exploit vulnerabilities in the viewer. Many
> PDF viewers will execute this code without the user even knowing about it.
> If a PDF convertor ignores these embedded scripts then I think that is a
> definite bonus point for Niels' conversion strategy.

Yes, but I am not sure about that.

Niels Elgaard Larsen
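
The open question in this message, whether a conversion step actually drops embedded scripts, can be checked on the converter's output. The following is an added example, not code from this thread or from any tool mentioned in it: it counts the PDF name objects that carry or trigger active content, decoding `#xx` name escapes first. The list of names and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Name objects that carry or trigger active content in a PDF (assumed watch list).
ACTIVE_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch")
TRACKED = ACTIVE_NAMES + ("ObjStm",)

# A name is "/" followed by any bytes except whitespace and PDF delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count tracked names in the raw file. Binary stream data can produce
    false positives; dictionaries packed in object streams are not seen."""
    counts = {name: 0 for name in TRACKED}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(data: bytes) -> str:
    counts = scan_pdf(data)
    if any(counts[name] for name in ACTIVE_NAMES):
        return "active"          # script or auto-action keys are present
    if counts["ObjStm"]:
        return "inconclusive"    # compressed object streams may hide keys
    return "clean"

# Constructed samples: a document before and after a hypothetical conversion.
SAMPLE_ORIGINAL = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
    b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n"
)
SAMPLE_CONVERTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
)
SAMPLE_PACKED = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 3 /First 20 >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("original", SAMPLE_ORIGINAL),
                        ("converted", SAMPLE_CONVERTED),
                        ("packed", SAMPLE_PACKED)):
        print(label, verdict(blob), scan_pdf(blob))
```

A "clean" result only covers what is visible in the uncompressed file body, so an "inconclusive" file should be decompressed with a PDF tool before it is scanned again.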