Hacker News new | past | comments | ask | show | jobs | submit login

If you open a PDF, that should never lead to RCE, but that's not the world we live in. Better for tools not to open PDFs when you don't expect that to happen.



It depends what's hiding in the word "open."

If I open a PDF in a full-featured reader, I'm slightly ill at ease. If I sha256sum it or wc it, I should be (read: ought to be, in any sane world) perfectly at ease. No matter how complicated the data structures in it, they shouldn't affect those programs.


As per the link, I'm talking about less "opening" a PDF by shelling out to pdftotext. "Hiding" is a good word for the behavior. :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: