[geeks] encrypted video cable?
Charles Shannon Hendrix
shannon at widomaker.com
Mon Oct 30 15:09:42 CST 2006
Mon, 30 Oct 2006 @ 14:05 -0500, Sandwich Maker said:
> " From: Charles Shannon Hendrix <shannon at widomaker.com>
> "
> " []
> "
> " One reason I use Adobe Reader on Linux is because I still have trouble
> " using other readers on some files.
> "
> " Also the last Reader finally fixed the memory leaks, and runs fairly
> " well.
> "
> " I just run the patch to remove the "phone home" code and I'm set.
>
> where is this patch?
I really don't know. I got it a year or two ago, and forgot about it.
Now that I've upgraded again, I want to disable all of the scripting
again.
I'm looking myself, so let me know if you find anything.
Adobe also admitted in September that even the new release had remote
exploitation bugs that let a document access websites, and even run code
on the local machine.
The easiest way to plug these security holes is to disable the uneeded
"feature" in the first place, but I doubt we'll see them do that.
JavaScript became part of the PDF spec a few years ago, and over the
years Adobe has patched one memory leak, crash bug, or security hole
after another, but you are best off patching to get rid of it.
The patch works by replacing the JavaScript procedures called by Adobe
Reader with null routines.
If you just disable the feature in the configuration, it doesn't fully
go away, and it also pesters you by asking you for permission to run
every time you view a document.
The patch eliminated the problem and the pesty dialog.
--
shannon "AT" widomaker.com -- ["Work for something because it is good, not
just because it stands a chance to succeed." -- Vaclav Havel]
More information about the geeks
mailing list