You're looking at Less Wrong's discussion board. This includes all posts, including those that haven't been promoted to the front page yet. For more information, see About Less Wrong.

LM7805 comments on Help us Optimize the Contents of the Sequences eBook - Less Wrong Discussion

11 Post author: lukeprog 19 September 2013 04:31AM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (73)
Tags: meta

Comments (73)

You are viewing a single comment's thread. Show more comments above.

Comment author: LM7805 19 September 2013 06:15:56PM *  1 point [-]

If the PDF is signed by a certificate the user has manually installed, it can embed what Adobe calls "high privilege" javascript, which includes the ability to launch any URL. That's an extra step, which would discourage some users, but on the plus side it addresses the "who's given informed consent?" problem.

Momentarily donning a slightly darker hat: it is also possible for a PDF to launch an arbitrary executable (see pp. 30-34 of Julia Wolf's OMG WTF PDF, video). AIUI this requires no additional privileges.

Comment author: Lumifer 19 September 2013 06:34:24PM 1 point [-]

...a certificate the user has manually installed ...an extra step, which would discourage some users

My estimate for the value of that "some" is 95%+

Not to mention that most of the people who can be easily persuaded to manually install a cert on their PC probably already have a dozen toolbars in their browser... :-D

Powered by Reddit Powered by Reddit