You are not logged in.
- Topics: Active | Unanswered
#1 2010-10-24 07:11:06
- dvolk
- Member
- Registered: 2010-05-16
- Posts: 6
Locking down Linux PDF viewers?
Is there some nice way of securing a PDF viewer? I hear a lot of bad things about PDFs - the embedded javascript can "call home", poppler is insecure, etc. I view PDFs from all over the Internet every day and things like that worry me.
Currently I use evince because it has the nicest rendering, but I'd be willing to switch to some other viewer if it offers better security.
Last edited by dvolk (2010-10-24 07:11:52)
Offline
#2 2010-10-24 08:54:02
- hokasch
- Member
- Registered: 2007-09-23
- Posts: 1,461
Re: Locking down Linux PDF viewers?
Can you provide some links re the "bad things" you hear?
Offline
#3 2010-10-24 12:13:44
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: Locking down Linux PDF viewers?
Is there some nice way of securing a PDF viewer? I hear a lot of bad things about PDFs - the embedded javascript can "call home", poppler is insecure, etc. I view PDFs from all over the Internet every day and things like that worry me.
Currently I use evince because it has the nicest rendering, but I'd be willing to switch to some other viewer if it offers better security.
Can you provide some sources describing that javascript problem and also the poppler security issues?
Evince does depend on poppler, just in case you don't know. As far as I know you are quite safe with most open source pdf viewers, security flaws are corrected as soon as possible (which usually is soon after they are discovered and arch being a rolling release distro picks up the fixes quite fast). Open source viewers also have a limited number of features, usually enough to display the pdf and search text so all the bloat and security holes that adobe reader has are not there.
Just my 2 cents, I may be wrong though.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#4 2010-10-25 06:11:15
- linux-ka
- Member
- From: ADL
- Registered: 2010-05-07
- Posts: 232
Re: Locking down Linux PDF viewers?
put each pdf viewer into its own chroot env....maybe you might disconnect it from i-net.
Offline
#5 2010-10-25 07:49:39
- Awebb
- Member
- Registered: 2010-05-06
- Posts: 6,309
Re: Locking down Linux PDF viewers?
put each pdf viewer into its own chroot env....maybe you might disconnect it from i-net.
If you do so, you might find pleasure in Sandfox: https://bbs.archlinux.org/viewtopic.php?id=90152
Offline