On Tue, Apr 29, 2008 at 7:58 PM, Martin Langhoff <martin.langhoff@xxxxxxxxx> wrote: > On Wed, Apr 30, 2008 at 8:31 AM, Geoffrey Irving <irving@xxxxxxx> wrote: > > I sincerely hope that pdf/postscript don't allow the internal > > rendering code to branch based on the current date. That would be an > > absurd security hole, and would indeed make you entirely correct. If > > PS is Turing complete, and does know about dates. So yes, you can make > such conditionals. I knew postscript was Turing complete, but had (naively) assumed it executed sandboxed and deterministically and would therefore display uniformly barring interpreter bugs. Looking over the spec, I can't find where it's possible to read the current date, but the usertime/realtime variables are sufficient as long as the attacker knows how fast the relevant machines are. > That original md5 paper with the 2 PDF files is mainly a good example > that you should trust binary blobs, that's all. The md5 trick is a > nice demo, but misses the point entirely. > > I can't find it now, but someone had written a PDF file that printed > Pi computing in inside the PS VM. The tiny file would keep the printer > churning out paper until it ran out of memory. :-) According to wikipedia, PDF doesn't have conditionals or loops of any kind, so you probably mean a postscript file. Geoffrey -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
