Best practice for safe viewing of PDFs posted to list
Steve Kinney
admin at pilobilus.net
Wed Jun 10 14:44:29 PDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/10/2015 04:50 PM, Seth wrote:
> Links to PDFs are not uncommon on this list but I never feel
> good about opening them up.
[ ... ]
> I usually use an open source reader like muPDF on SumatraPDF in
> a VM, but it's a hassle.
>
> Curious if the advice given above is still relevant and also
> what other on the list recommend for safe viewing of PDFs.
>
> [1] http://www.pcmag.com/article2/0,2817,2362356,00.asp
I think that using a reader like Evince inside a VM should be very
safe, relatively speaking. Needless to say, if paranoia is an
issue don't let a PDF file you didn't make yourself touch any
installed Microsoft OS (except inside a VM used for no other
purpose and "rolled back" to an earlier snapshot after every use)
or any "smart phone."
If you want a really unpopular PDF reader, try the GIMP: It can
import PDF files as rendered images, one layer per page. It can't
execute active content. Anybody who anticipates this security
measure, and devises a way to make a PDF file climb out of the
GIMP and take over the machine, arguably deserves to succeed.
:o)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVeK+5AAoJEDZ0Gg87KR0LBHEQAIRqeMYyIysEMARM3+76L198
lLs9CDN2vTJAtXp/x6cb6xKWswppYpN8WqV/FWWRvUA1Las6HuBpyf0ULiY/piC6
5z3CF1KzKlNI2sRX93bvNQZJ0alKOshwRBjCRb5mEue7hCHmyosTu0ppxY37Q/go
oaKnWaevihOh5jv1W2Rc7IOElXw6seQwp6nEQDEce8GlN7i+h+g2UbID5HKW02/c
xxSIdSPZhExwaz/RaICGT6g9mCuz3AT8xg+gdbzW8lVlrpaqEQuY07OGITIXYxoz
vycfyZOYjudWv72njz7qpoYXoTdfte8Iwde8s4GN77JttzdXEySrzd/cXUxR08aD
+0+JnNCjTxM191C4gZW0OKdPleqUBwZOMUJpTrTpbP/JPYW3JqOSzG9BZmMh9ClG
LP97WEootEiP/ZsB+H9uOaXC6NZTnVfj9MV2ovr9vsUhNOuNKSHH6usJqaUGS2l6
ccM5ZXU/yHECCfwFWzcsOCIT1EAPlfEpzB74hZ3ja5RlRa9jmmelEUpbmS16PKNy
wsqVsoN67uIsVGfTskIEWiWfRj8lORBLKY2hre16cvZ8nGH2+p6Mm3y/ImKSFJAg
883ScaQMNW2KBwCEV2NJ5zjMgo5/VBKo1sZ/R15ppKXTR3QgnlHRdnGzavOhb1Tr
IBmOZqBJ1QUHWLOA4koI
=+zTe
-----END PGP SIGNATURE-----
More information about the cypherpunks
mailing list