Comment by dolmen

Comment by dolmen 6 months ago

It is not sandboxed.

So one can expect zero days exist and are exploited.

That may not be a feature for you, but it is for attackers.

jasonjayr 6 months ago

Does it implement any of the dynamic features in PDF that are vectors for easy attacks like that?

PDF was originally a display-only format.

  • kccqzy 6 months ago

    You don't need any dynamic features in PDF to attack. One of the most famous exploits used a bug in the JBIG2 format to build the attacker's own dynamic feature (basically a virtual machine built from logic operations) to launch an exploit. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

    In fact you have gotten it backwards. The obviously dynamic features in PDF like JavaScript are designed to be dynamic so they receive so much more attention in security. So smart attackers attack the not-obviously-dynamic features in PDF.

shakna 6 months ago

Sumatra has more security features than most other readers?

For example, it doesn't support JavaScript. And it doesn't support GoToE.

The text features, both strings and fonts, get sent through HarfBuzz for sanitisation.

How is it not sandboxed?
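A triage check for the features named in this thread (JavaScript, GoToE, JBIG2), as an added example that is not part of any comment or of SumatraPDF's code: it counts the corresponding PDF names, decoding `#xx` name escapes and looking inside Flate-compressed streams. `/JS` and `/JBIG2Decode` are the PDF specification's names for the script key and the JBIG2 filter, the sample bytes are constructed, and a hit only shows that a feature is referenced in the file.

```python
import re
import zlib
from collections import Counter

# Names the thread mentions, plus /JS (the key that carries script source).
WATCHED = {b"JavaScript", b"JS", b"GoToE", b"JBIG2Decode"}

NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes, so J#61vaScript compares equal to JavaScript."""
    return HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data: bytes):
    """Yield the contents of streams that inflate as zlib (FlateDecode)."""
    for m in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter or encrypted: not scanned


def scan(data: bytes) -> Counter:
    """Count watched names outside streams and inside Flate streams."""
    hits = Counter()
    # Blank raw stream bodies so binary data cannot look like a name.
    for chunk in [STREAM.sub(b" ", data), *inflate_streams(data)]:
        for m in NAME.finditer(chunk):
            name = decode_name(m.group(1))
            if name in WATCHED:
                hits[name.decode()] += 1
    return hits


# Constructed sample: fragments only, not a complete PDF.
HIDDEN = zlib.compress(b"<< /S /GoToE /T << /R /C >> >>")
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"2 0 obj << /Filter /JBIG2Decode /Length 0 >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >>\nstream\n" + HIDDEN + b"\nendstream endobj\n"
)

if __name__ == "__main__":
    print(dict(scan(SAMPLE)))
```

Streams using other filters or encryption are skipped, so an empty result does not mean the features are absent.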