Martin Schröder
On 2005-03-30 14:00:38 +0200, Frank Küster wrote:
During the last months security support for software containing xpdf code was a nightmare - not only that there were many security issues discovered, moreover everybody used a different patch, it was unclear to what extent older versions were affected, and so forth. This was also a problem for us, the teTeX maintainers in Debian, which currently has three versions of pdftex with three different versions of the xpdf code.
I know; we even got contacted about some patches, which we didn't need to use -- a crash of pdfTeX is not really a security problem. :-)
I do not agree here. If you are running pdftex as part of a service (people submit document source and get typeset documents or printouts), it could be used at least for a Denial of Service attack. And I am not sure that it has been investigated whether the buffer overflows could not also be used to execute malicious code; if you know the target system well, this might be possible.
If you agree, I would be obliged if one of you would contact Derek Noonburg (derekn@foolabs.com) and ask him. He seems to be a little unresponsive at times, and has not answered a similar question from the maintainer of the xpdf package in Debian for a couple of weeks now. Maybe we can convince him that this is a good idea if he is approached from different sides.
I'll do this eventually, but don't expect anything from me soon. Most likely not before Sarge. :-)
Derek has now answered Hamish Moffat's (the Debian xpdf maintainer) mail. The relevant part of his answer is:

,----
| I haven't thought about doing it myself, but (as you say) poppler is
| doing pretty much that.
|
| I don't know of a good way to do it, frankly. Everyone seems to be
| using different parts of Xpdf, so there's no simple, concise API that
| would be useful. You can just export all of the symbols, but since it's
| written in C++, that will make it heavily dependent on the compiler used
| (or more specifically, on the name mangling scheme).
`----

So if we could come up with a decent technical proposal, he seems to be open to a change. If we could. My knowledge of C++ is negligible, I fear I won't be of much help here. I have not yet looked at poppler (there's a Debian package in NEW, have asked the uploader whether he can give me the packages), so I do not know if they excluded the parsing part or just don't care much about it.

Regards, Frank

--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer