[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Verifying Toolchain Semantics
From: |
Ian Grant |
Subject: |
Re: Verifying Toolchain Semantics |
Date: |
Sun, 5 Oct 2014 12:24:54 -0400 |
On Sun, Oct 5, 2014 at 11:15 AM, Nala Ginrut <address@hidden> wrote:
>
> Alright, I changed a system and try it again with evince successfully.
> Anyway, I did't find any maths or special symbols in it, so it could be
> published on your blog as plain text. But you may insist on the opinion of
> PDF.
There is another reason why I use PDF. It's much nicer to read. I love
Garamond. Did you see the Jobs movie? Do you remember what he said
about Garamond?
> It's not your mistake but mine. ;-)
Well being mistaken about somebody else's mistake that wasn't a
mistake is about the least mistaken it's possible to be: it really
doesn't matter at all.
What we really need to do is find out what software Mark was using to
pdf->png. If it segfaults then there is a good chance that that bug
can be turned into a working exploit. Because all binaries distributed
by the binary-distributors are identical, attackers can analyse the
file and work out how to turn a bad pointer dereference into an
exploitable "PDF attack vector" which executes binary code contained
in the PDF.
Ian
- Re: Verifying Toolchain Semantics, (continued)
- Re: Verifying Toolchain Semantics, Mike Gerwitz, 2014/10/05
- Re: Verifying Toolchain Semantics, Ian Grant, 2014/10/05
- Re: Verifying Toolchain Semantics, Mike Gerwitz, 2014/10/06
- Re: Verifying Toolchain Semantics, Ian Grant, 2014/10/07
- Re: Verifying Toolchain Semantics, Mark H Weaver, 2014/10/07
- Re: Verifying Toolchain Semantics, Ian Grant, 2014/10/07
- Re: [Lightning] Verifying Toolchain Semantics, Philip Herron, 2014/10/07
- Re: [Lightning] Verifying Toolchain Semantics, Ian Grant, 2014/10/07
- Re: Verifying Toolchain Semantics, Mark H Weaver, 2014/10/08