On 13-07-2015 10:10, Apple Apple wrote: > On 13 Jul 2015 00:12, "Yuri" <[email protected]> wrote:
> PostScript is something entirely unrelated. It is a way of describing the > layout of documents with words, like a very early CSS or Latex. I remember > claims about it being Turing complete but I think that this is in a similar > spirit to C++ templates being Turing complete. No, Postscript is a real programming language. > I have doubts over whether > it has enough IO capabilities to do anything malicious on its own. Depends on the Postscript interpreter. But there has been postscript vulnerabilities. > You do raise an interesting point regarding embedded JavaScript inside PDF > files which can also be used to exploit vulnerabilities in the viewer. Many > PDF viewers will execute this code without the user even knowing about it. > > If a PDF convertor ignores these embedded scripts then I think that is a > definite bonus point for Niels' conversion strategy. Yes, but I am not sure about that. -- Niels Elgaard Larsen -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
