Y
Hacker News
new
|
ask
|
show
|
jobs
by
fallat
3986 days ago
Download it, block all ports, run pdf reader in a chroot...B)
2 comments
leni536
3986 days ago
And on a separate X server. It's more like trusting your reader than the PDF file itself.
link
casualhner
3986 days ago
>destroy computer after reading.
link
ptaipale
3986 days ago
Perfectly common, of course. Usually the way to do this is to use a virtual machine which you then throw away.
link
beagle3
3986 days ago
but why do you trust your hypervisor? QEMU had a floppy controller escape bug published last month. Xen has one today.
link
JupiterMoon
3986 days ago
By doing this the chain of things that have to be broken for an exploit to escape is getting longer.
link
leni536
3986 days ago
So the best thing you can do is to nest different kind of VM hypervisors with different OS guests and read the pdf in the innermost machine.
link
JupiterMoon
3986 days ago
Or just read it on someone else's computer?
link
fallat
3986 days ago
There's a name for that. The Stallman Co-Computer.
link