by okasaki 3954 days ago
> PDF.js has fewer security vulnerabilities than desktop PDF readers.

You can limit desktop readers with something like AppArmor (no network access, only allowed to read files, only allowed to open *.pdf files, etc). You can't (AFAIK) do that with PDF.js.


> only allowed to read files

You just let through the vulnerability in PDF.js.

No, you give it read-only access to the files it needs (e.g. /usr/) and then everywhere else like /home it can only open *.pdf.

Also, no networking.

AppArmor can't do a *.pdf restriction. Even if it could, you still let through access to every pdf on your system.

The point here is that the sandboxing needs to be watertight, or it's simply not effective. pdf.js runs in the JS sandbox, but here the file origin checking failed. Placing an OS-level sandbox around it doesn't help unless it is just as tight.

Uh, yes it can

    allow /**/*.pdf r,

Wow okay, didn't realize that (was still thinking in extended-attributes SELinux land).
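An AppArmor profile sketch along the lines argued in the thread above, added here as an example; it is not code from any commenter or from the AppArmor project. It assumes the reader's binary is /usr/bin/evince (change it for your reader) and omits the desktop-integration abstractions (X/Wayland, D-Bus, GTK settings) a profile that actually runs a GUI reader also needs.

```apparmor
# Assumed binary path; adjust to the reader you actually use.
#include <tunables/global>

/usr/bin/evince {
  #include <abstractions/base>
  #include <abstractions/fonts>
  # Desktop-integration abstractions (X/Wayland, D-Bus) deliberately
  # omitted from this sketch; add the ones your environment needs.

  # No networking of any kind: a bare 'network' rule covers every
  # socket family, so this denies them all.
  deny network,

  # Read-only access to the program's own files and system libraries
  # ('m' allows mapping shared objects, nothing is writable).
  /usr/bin/evince mr,
  /usr/lib/** mr,
  /usr/share/** r,
  /etc/fonts/** r,

  # Inside home directories, only the user's own *.pdf files, read-only.
  # '**' matches across directory boundaries, so subdirectories are
  # covered; '*' alone would match a single path component only.
  owner @{HOME}/**/*.pdf r,

  # Explicit, logged denials for anything sensitive. Nothing above
  # grants these anyway, but deny rules always win over allow rules,
  # and 'audit' writes a log line on every attempt, which is useful
  # for spotting a compromised reader probing the filesystem.
  audit deny @{HOME}/** w,
  audit deny @{HOME}/.ssh/** rwklm,
  audit deny @{HOME}/.gnupg/** rwklm,

  # No 'x' rules at all: the reader cannot execute other programs.
}
```

Load it with `apparmor_parser -r` and watch the kernel log (or `aa-status` / `aa-logprof`) while opening a few PDFs; in complain mode the profile logs what it would block, which is how you find the missing abstractions before enforcing it.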