"It might be possible to embed a C compiler into a PDF by compiling it to JS with Emscripten, for example, but then your C compiler has to take input through a plain-text form field and spit its output back through a form field."
Every time I see Adobe logo somewhere I just cringe a little bit. From the time that you had to have Acrobat Reader installed because most of pdfs created with Acrobat (writer) weren't really compatible with other readers, or that time that everything interactive on the web was in Flash (even our governmental websites for example Social Insurance Institution dropped Flash few days ago).
My SO recently bought Adobe Lightroom and low and behold - you cannot install it on case sensitive filesystem (in 2020) and help page says: "well just install it on case insensitive filesystem". I'm quite surprised that they allow file names longer than eight characters, dot and three for file type...
Our neighbors at the fine journal of POC||GTFO are distinguished in PDF manipulation and polyglots.
<a href="https://www.alchemistowl.org/pocorgtfo/" rel="nofollow">https://www.alchemistowl.org/pocorgtfo/</a>
I had an employee once submit an algorithm document, written in pure Postscript.<p>The charts were actually executable Postscript, running the algorithm.<p>One of the coolest things I ever saw.
3D objects in PDFs are cool. My thesis used those in a few places. The PDF would print normally, but you could rotate it when open in Adobe Reader.<p>Getting this to work with Latex was... interesting. I spent a lot of time typesetting as a grad student.
PDF attachments are very useful for lossless steganography. Image-based techniques get lost in recompression (e.g. Save To Camera Roll on an iPhone, or sending via Facebook message). PDF attachments don't get lost in that way.<p>Want to include the CSV raw data with your report? Just add it as a PDF attachment.<p>Want to hide a game with your homework? Add it as a PDF attachment. Chrome and Preview on Mac doesn't show that it exists, but Firefox can be used to extract the file.<p>It's not going to shock anyone to have a 5 MB file as a PDF, but there's a lot you can hide in there (MP3s, games, HTML files including more JavaScript, whatever else).<p>On the surface, everyone thinks it's just another PDF. But the real data is hiding in plain sight.
Related: Postscript is a great stackbased language to learn to program in. A good initial exercise is to write a factorial function:<p><a href="https://www-cdf.fnal.gov/offline/PostScript/BLUEBOOK.PDF" rel="nofollow">https://www-cdf.fnal.gov/offline/PostScript/BLUEBOOK.PDF</a><p><a href="http://paulbourke.net/dataformats/postscript/" rel="nofollow">http://paulbourke.net/dataformats/postscript/</a>
Not too horrifying: when I open the Breakout PDF in Preview, it just displays a white page.<p>PDFs are a great format if you just ignore the dumb parts. :)
I worked on two aspects of this in my most recent position. I was responsible for implementing the javascript APIs and the feature of embedded abitrary compressed file attachments in a web based PDF editing SDK according to the lengthy pdf spec. It was an interesting technical challenge and eye-opening experience in terms of what I learned PDFs were capable of, and my immediate concern was some of the stuff this git repo talks about.
I have written an application in PostScript once.<p>As a newbie developer I decided to use PostScript to generate badges for all our employees. There was a list of employee names in a text file, there was a PostScript file with the program and a Perl script to join them together.<p>The PostScript program would take the names, generate 8 badges per A4 page, scale the name of the employee so that it fits the space perfectly, generate procedural background, etc.
This is exactly what I hate about Adobe. They're always cramming way too much functionality into their plugins making them too heavy and riddled with security issues.<p>This is like flash player all over again. No way am I going to enable the proper pdf reader for web content view. There's a good reason browsers refuse to support all this
This is one of the clearest examples of feature creep I've ever seen. PDF is, as the name clearly implies, a protocol for portable documents. Yet it has grown over the years to be a defacto form protocol, with capabilities to do way more than a portable document should.
we had a collection of these internally in the early 2000s using notes, even mandelbrot sets using embedded ps based fonts. a lot of this comes from dynamic form requirements. the JS engine was from the latest mozilla engine for the time when it came out, spidermonkey.
I've seen companies that use a fair amount of the PDF specification before. One of the most impressive was 3D models and scripted UI elements baked into the document. It kind of made the document look like JSCAD, with an actual 3D model you could manipulate.
I didn't expect this to be as 'Horrifying' as it was. Has anyone written a script yet to identify whether or not a given PDF contains executable script?
can someone please explain to me the power of embedding a c compiler into a pdf?<p>doesnt a compiler just output executables? would we be able to run these executables? where would these executables get stored?
One of my good friends did a lot of research on PDFs as part of his graduate research. Older versions of Adobe Writer (maybe even the current one too?) would always append and never overwrite. So if you edited pages, it would add those edits to the bottom of the file. As long as you did everything in the Writer workflow and didn't Save As a new file, you could see a history of old edits. You can even find stuff that's blacked out in some government documents.
I was told once by someone in infosec that the PDF spec included a dos emulator for some abstract thing.<p>That doesn’t appear to be true exactly but isn’t anywhere in the realm of impossible which is a serious issue for PDF.<p>I was hoping FoxIt dropped a lot of the BS spec parts, but it seems they don’t want to “lose out” to Acrobat in the features checklist. At least I know it’s easy to turn JS off by GPO with FoxIt, Acrobat I assume too?