<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - [PATCH] Seccomp sandbox support for pdftotext" href="https://bugs.freedesktop.org/show_bug.cgi?id=100224">100224</a> </td> </tr> <tr> <th>Summary</th> <td>[PATCH] Seccomp sandbox support for pdftotext </td> </tr> <tr> <th>Product</th> <td>poppler </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>Linux (All) </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>enhancement </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>utils </td> </tr> <tr> <th>Assignee</th> <td>poppler-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>hanado990@mailbox.org </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=130253" name="attach_130253" title="seccomp support for pdftotext">attachment 130253</a> <a href="attachment.cgi?id=130253&action=edit" title="seccomp support for pdftotext">[details]</a></span> <a href='page.cgi?id=splinter.html&bug=100224&attachment=130253'>[review]</a> seccomp support for pdftotext Since some of the poopler tools, like pdftotext are used by some file managers to automatically parse pdf files for preview, I thought it might be a good idea to use some sandboxing. This is a patch that adds seccomp filter to pdftotext. This can also be applied to the other tools that poppler provides, reducing the risk of successful exploitation of poppler (and other used library) vulnerabilities significantly. I found this quite easy to apply and would be happy to help if you are interested in using this. This patch can be applied to poppler 0.52.0 without further changes</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>