PDF safety

Advice and Help

Moderator: kcleung

Post Reply
aoq
Posts: 1
Joined: Mon Apr 16, 2012 5:05 am
notabot: 42
notabot2: Human

PDF safety

Post by aoq »

How does IMSLP make sure that uploaded pdfs don't hold inside exploits? after all malicious pdfs were how the first iphones got jailbroken. and some pdf readers will run embedded javascripts. (well not the ones i use but still)

a search of forum didn't turn up anything but i am curious as a user. thank you
daphnis
Copyright Reviewer
Posts: 1633
Joined: Thu May 17, 2007 7:15 pm
notabot: 42
notabot2: Human

Re: PDF safety

Post by daphnis »

It's a valid question, and the present answer is that we don't. It'd probably be worth investigating into some MediaWiki plug-in that examines uploaded PDFs for any sort of code. If any is found the upload should be blocked. I can't think of a valid reason why any submitted PDFs need include such code.
Choralia
Site Admin
Posts: 762
Joined: Fri Aug 28, 2009 9:08 pm
notabot: 42
notabot2: Human

Re: PDF safety

Post by Choralia »

At CPDL (http://www.cpdl.org) we analyzed this subject for scores hosted on our servers. According to http://blog.didierstevens.com/programs/pdf-tools/ most suspicious pdf files may be identified if they include both /AA and /OpenAction statements, as they indicate an automatic action to be performed when the page/document is viewed.

I intended to implement a script that performs this check for all CPDL files. Unfortunately this activity is in my pipeline since a long time... :oops: Anyway, I'm ready to share it with IMSLP when ready.

Max
Post Reply