<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [PATCH] Seccomp sandbox support for pdftotext"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=100224">100224</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[PATCH] Seccomp sandbox support for pdftotext
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>poppler
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>utils
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>poppler-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>hanado990@mailbox.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=130253" name="attach_130253" title="seccomp support for pdftotext">attachment 130253</a> <a href="attachment.cgi?id=130253&action=edit" title="seccomp support for pdftotext">[details]</a></span> <a href='page.cgi?id=splinter.html&bug=100224&attachment=130253'>[review]</a>
seccomp support for pdftotext

Since some of the poopler tools, like pdftotext are used by some file managers
to automatically parse pdf files for preview, I thought it might be a good idea
to use some sandboxing.

This is a patch that adds seccomp filter to pdftotext. This can also be applied
to the other tools that poppler provides, reducing the risk of successful
exploitation of poppler (and other used library) vulnerabilities significantly. 

I found this quite easy to apply and would be happy to help if you are
interested in using this.

This patch can be applied to poppler 0.52.0 without further changes</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>