Best practice for safe viewing of PDFs posted to list
Links to PDFs are not uncommon on this list but I never feel good about opening them up. Is the advice in this 2010 article still relevant? [1] ...How can you protect yourself from their inherent vulnerabilities? Hypponen suggests you completely avoid opening PDFs on your local machine, instead viewing them through Google Docs. If you're using Chrome, Firefox, or Opera, you can install the gPDF plug-in to automate the process for web-based PDFs. For your local files, he suggests you "use a PDF reader that's as unpopular as possible. The fewer users a product has, the less attacks it will attract."... I usually use an open source reader like muPDF on SumatraPDF in a VM, but it's a hassle. Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs. [1] http://www.pcmag.com/article2/0,2817,2362356,00.asp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/10/2015 04:50 PM, Seth wrote:
Links to PDFs are not uncommon on this list but I never feel good about opening them up. [ ... ]
I usually use an open source reader like muPDF on SumatraPDF in a VM, but it's a hassle.
Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs.
I think that using a reader like Evince inside a VM should be very safe, relatively speaking. Needless to say, if paranoia is an issue don't let a PDF file you didn't make yourself touch any installed Microsoft OS (except inside a VM used for no other purpose and "rolled back" to an earlier snapshot after every use) or any "smart phone." If you want a really unpopular PDF reader, try the GIMP: It can import PDF files as rendered images, one layer per page. It can't execute active content. Anybody who anticipates this security measure, and devises a way to make a PDF file climb out of the GIMP and take over the machine, arguably deserves to succeed. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVeK+5AAoJEDZ0Gg87KR0LBHEQAIRqeMYyIysEMARM3+76L198 lLs9CDN2vTJAtXp/x6cb6xKWswppYpN8WqV/FWWRvUA1Las6HuBpyf0ULiY/piC6 5z3CF1KzKlNI2sRX93bvNQZJ0alKOshwRBjCRb5mEue7hCHmyosTu0ppxY37Q/go oaKnWaevihOh5jv1W2Rc7IOElXw6seQwp6nEQDEce8GlN7i+h+g2UbID5HKW02/c xxSIdSPZhExwaz/RaICGT6g9mCuz3AT8xg+gdbzW8lVlrpaqEQuY07OGITIXYxoz vycfyZOYjudWv72njz7qpoYXoTdfte8Iwde8s4GN77JttzdXEySrzd/cXUxR08aD +0+JnNCjTxM191C4gZW0OKdPleqUBwZOMUJpTrTpbP/JPYW3JqOSzG9BZmMh9ClG LP97WEootEiP/ZsB+H9uOaXC6NZTnVfj9MV2ovr9vsUhNOuNKSHH6usJqaUGS2l6 ccM5ZXU/yHECCfwFWzcsOCIT1EAPlfEpzB74hZ3ja5RlRa9jmmelEUpbmS16PKNy wsqVsoN67uIsVGfTskIEWiWfRj8lORBLKY2hre16cvZ8nGH2+p6Mm3y/ImKSFJAg 883ScaQMNW2KBwCEV2NJ5zjMgo5/VBKo1sZ/R15ppKXTR3QgnlHRdnGzavOhb1Tr IBmOZqBJ1QUHWLOA4koI =+zTe -----END PGP SIGNATURE-----
Seth <list@sysfu.com> wrote:
Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs.
If your web browsing habits don't include NoScript, then you're likely no worse off using pdf.js to view PDFs than you are browsing arbitrary websites. After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild; and since pdf.js is bundled with modern versions of Firefox, you might be inclined to think that it's likely non-malicious even if it's exploitable by rogue PDFs. But that's no worse than some JS malware you were fed via DNS poisoning or CDN hijacking. (This can be seen either as an implicit endorsement of pdf.js or of NoScript.) -=rsw
After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild
Are we sure about this? JS loaded from localhost can do some dangerous stuff because CORS doesn't apply anymore to local resources such as the filesystem. What context does pdf.js run in? If Mozilla didn't carefully sandbox it, and if it executes PDF Javascript embeds (does it?) then it could potentially have filesystem access? This would mean that the closed-source spyware platform from Google might actually be safer in this case. But I don't know; pdf.js might be injected into the remote resource and therefore have CORS restrictions tied to the source domain. It's all implementation.. I'd be inclined to use pdfotext for textual data or GIMP as Steve recommended. You can probably use some combination of common PDF utils, headless GIMP, and ImageMagick to make a script to do the same thing instantaneously. On 10/06/15 23:01, Riad S. Wahby wrote:
Seth <list@sysfu.com> wrote:
Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs.
If your web browsing habits don't include NoScript, then you're likely no worse off using pdf.js to view PDFs than you are browsing arbitrary websites. After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild; and since pdf.js is bundled with modern versions of Firefox, you might be inclined to think that it's likely non-malicious even if it's exploitable by rogue PDFs. But that's no worse than some JS malware you were fed via DNS poisoning or CDN hijacking.
(This can be seen either as an implicit endorsement of pdf.js or of NoScript.)
-=rsw
-- Scientific Director, IndieBio Irish Programme Now running in Cork, Ireland May->July Learn more at indieb.io and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey
Come to that, for bonus points you could make a little server that automates this process and then reconstitutes a raster PDF of an input PDF in real time, then displays it with PDF.js. Install the server and run at start-up, and change some settings in your browser, and voila: an intermediated PDF-scrubber with all the convenience of Firefox + PDF.js. :) On 11/06/15 10:13, Cathal Garvey wrote:
After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild
Are we sure about this? JS loaded from localhost can do some dangerous stuff because CORS doesn't apply anymore to local resources such as the filesystem. What context does pdf.js run in? If Mozilla didn't carefully sandbox it, and if it executes PDF Javascript embeds (does it?) then it could potentially have filesystem access?
This would mean that the closed-source spyware platform from Google might actually be safer in this case. But I don't know; pdf.js might be injected into the remote resource and therefore have CORS restrictions tied to the source domain. It's all implementation..
I'd be inclined to use pdfotext for textual data or GIMP as Steve recommended. You can probably use some combination of common PDF utils, headless GIMP, and ImageMagick to make a script to do the same thing instantaneously.
On 10/06/15 23:01, Riad S. Wahby wrote:
Seth <list@sysfu.com> wrote:
Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs.
If your web browsing habits don't include NoScript, then you're likely no worse off using pdf.js to view PDFs than you are browsing arbitrary websites. After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild; and since pdf.js is bundled with modern versions of Firefox, you might be inclined to think that it's likely non-malicious even if it's exploitable by rogue PDFs. But that's no worse than some JS malware you were fed via DNS poisoning or CDN hijacking.
(This can be seen either as an implicit endorsement of pdf.js or of NoScript.)
-=rsw
-- Scientific Director, IndieBio Irish Programme Now running in Cork, Ireland May->July Learn more at indieb.io and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey
participants (4)
-
Cathal Garvey -
Riad S. Wahby -
Seth -
Steve Kinney