{"id":2965,"date":"2010-10-08T11:38:38","date_gmt":"2010-10-08T10:38:38","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2965"},"modified":"2015-09-09T19:37:26","modified_gmt":"2015-09-09T11:37:26","slug":"adobe-pdf-reader-rewrite-to-include-sandbox-feature","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/10\/adobe-pdf-reader-rewrite-to-include-sandbox-feature\/","title":{"rendered":"Adobe PDF Reader Rewrite To Include Sandbox Feature"},"content":{"rendered":"

A lot of people have complained about the lack of security in Adobe<\/a> PDF related products and the fact that the very architecture is insecure. There have been a whole spate of PDF<\/a> related exploits and vulnerabilities lately – some of them being very serious.<\/p>\n

It’s good to see Adobe is taking this matter seriously and rather than just issuing patch after patch (firefighting) they are trying to do something fundamentally different with their PDF reader software to fix the root cause.<\/p>\n

Now I’m not saying this will solve all the PDF related problems, but it’s good to see them doing a ground up rebuild and implementing safety features like sandboxing<\/a>.<\/p>\n

Adobe has offered more details of the ‘sandbox’ security feature it plans to implement to secure its hugely popular but often-attacked PDF Reader software. First announced last July, the latest description put out by Adobe’s security development team makes clear that Reader’s new ‘protected mode’ will be no mere bolt-on. This is starting to look like a ground-up re-design of how the program operates, almost from scratch.<\/p>\n

The new Reader design will see core and risky PDF functions such as font rendering, Javascript execution, 3D rendering and image parsing happen within the confines of the application itself, isolating these from the privileges of the operating system.<\/p>\n

This effectively relegates Reader to a new rung of privilege below that if the system user, which stops the application simply accessing key parts of the OS such as the Registry or file system as it likes. Instead all such calls will have to go through a trusted broker process if they want to communicate beyond the sandbox. <\/p><\/blockquote>\n

It’s a good model though and similar to what Google<\/a> have done with the Chrome<\/a> browser.<\/p>\n

Separating the ‘dangerous’ parts from the parts that have access to the underlying OS is extremely important, JavaScript<\/a> execution of course being the main culprit. But other exploits have focused on font and image rendering so they need to be kept away too.<\/p>\n