[RndTbl] Is printing a pdf attached to an email safe?
Trevor Cordes
trevor at tecnopolis.ca
Sun May 7 23:45:22 CDT 2023
On 2023-05-07 Adam Thompson wrote:
> PDFs have been known to contain malicious payloads. However, if your
> software is up to date (patched), and you don't click on anything in
> the PDF, then printing it should be a low risk activity.
PDFs are still a very popular virus vector. But they are mostly
attacking older Adobe Reader on Windows. So in that sense you're
already much safer on linux (assuming that's what you're talking about)
because a) the specific obscure linux viewer / pdf library isn't a
popular target, and b) linux itself isn't a popular target of these
types of attack. The attack would have to trigger some sec flaw in the
reader and then also use that flaw to execute linux-compatible code.
The odds of these together is quite small.
You *can* directly print a PDF (say from the command line) on linux, and
at that time it'll go through cups / ghostscript to render the PDF into
a raster, or into PS/PCL. So even doing it "without a reader/viewer"
can be subject to attack. (Because in this case there is a
reader/viewer (ghostscript), it's just hidden from you.)
The only downside to linux for PDFs is, while they aren't popular
vectors, their pdf viewers (all mostly obscure hobby projects) also
receive less sec reviews and updates. And I bet they mostly share just
1 or 2 base pdf libraries, and the same may apply to them.
A safe option would be to open the pdf in a throwaway VM or in (my
favorite) a firejail instance. You could use a heavily-locked down
firejail to use pdftoppm to sanitize the pdf into a raster-only format
that you can then 100% safely view and manipulate outside the jail with
your normal tools.
P.S. I would never open a PDF I didn't somewhat trust on Windbloze. I
would open most PDFs that didn't come from shady-looking sources in
linux viewers. If it was from a very shady source I'd use the firejail
trick. You're right to be suspicious; always be suspicious!! But
don't let it stop you from getting things done.
More information about the Roundtable
mailing list