r҉ustic cy͠be̸rpu̵nk🤠🤖Jun 28

Someone made a port of Doom that runs in a PDF

I'm just...

https://github.com/ading2210/doompdf

Show threadr҉ustic cy͠be̸rpu̵nk🤠🤖Jun 28

Same person got Linux working inside a PDF document

An entire kernel and OS running in a PDF. What a time to be alive

https://github.com/ading2210/linuxpdf

Show threadSpace Catitude 🚀Jun 29

@cypnk

Very cool.
Also terrifying.

Raises serious questions about using PDF as a document format.

I guess my big question is how many PDF viewers are defaulted to run this kind of code in a PDF?  

One would hope that most have this turned off by default?
🤨

Show threadLisPiJun 30
@TerryHancock @cypnk In theory, interpreted on non-broken hardware (lol) it would be "safe" once isolated properly.

But yes, there's a reason why I much prefer djvu as a format.
Show threadSpace Catitude 🚀Jul 1

@lispi314 @cypnk

Yeah, I guess the real question is about sandboxing -- does the code running in the PDF have access to the outside, like the filesystem? 🤔

Show threadLisPi
@TerryHancock @cypnk I see no reason why it would have such access, but I'm sure some implementations screwed up anyway. It shouldn't be particularly hard to restrict such an implementation to only taking input/output through stdin/stdout or a socket and allowlist syscalls.

That ought to be enough for interaction commands and render output.

Problem is, that does all of nothing for mitigating hardware vulns.
Jul 1 at 3:37amWeb