Closed grigorem closed 2 years ago
Should be possible, but I am wondering whether I really like the change. Would you mind sketching an attack scenario which uses this information?
Thank you for your quick reply! I'm no security expert, so take everything I say with a grain of salt. I just wanted to see if it is a possibility and hear your opinion on it.
My view on this was that once an attacker can easily find the tool that generated the PDF, they can just go download the software and try to find vulnerabilities in it, and once they find any, they can try to exploit it on the system that uses it.
We tried breaking PDF generation with different inputs, but we couldn't. You made a solid piece of software, but I'm aware that nothing can be "bulletproof". We just wanted to have another layer of protection by not disclosing the tool that generated it.
Is it possible to add a configuration option to not add the metadata to the generated PDF? Specifically the "Creator" and "Producer" fields. From a security point of view, it would make sense not to include this metadata, to avoid an attacker knowing which tool generated it.
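An added example (not part of the thread and not the project's code): a release check that reports whether a generated PDF still carries the "Creator" and "Producer" fields discussed above. It assumes a classic, uncompressed Info dictionary with direct string values; it does not look inside compressed object streams or XMP metadata, and the sample bytes and tool names are constructed.

```python
import re

# Info-dictionary keys the request asks to suppress.
FIELDS = (b"Creator", b"Producer")

# A PDF literal string "(...)" with backslash escapes, or a hex string "<...>".
_VALUE = rb"\s*(\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>)"


def _decode(token: bytes) -> str:
    """Decode a PDF string token; UTF-16BE when it starts with a BOM."""
    if token.startswith(b"<"):
        digits = re.sub(rb"\s", b"", token[1:-1])
        if len(digits) % 2:
            digits += b"0"  # PDF pads an odd-length hex string with 0
        data = bytes.fromhex(digits.decode("ascii"))
    else:
        # Undo escaped parentheses and backslashes; other escapes stay as-is.
        data = re.sub(rb"\\([()\\])", rb"\1", token[1:-1])
    if data.startswith(b"\xfe\xff"):
        return data[2:].decode("utf-16-be", "replace")
    return data.decode("latin-1")


def disclosed_tools(pdf: bytes) -> dict:
    """Return the non-empty Creator/Producer values found in the PDF bytes."""
    found = {}
    for key in FIELDS:
        match = re.search(rb"/" + key + _VALUE, pdf, re.S)
        if match and (value := _decode(match.group(1))):
            found[key.decode("ascii")] = value
    return found


# Constructed fragments: one with both fields set, one with them omitted.
SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /Title (Invoice \\(draft\\)) /Creator (ExampleApp 1.0)\n"
    b"/Producer <FEFF004500780061006D0070006C0065004C0069006200200032002E0033>\n"
    b"/CreationDate (D:20240101000000Z) >>\nendobj\n"
    b"trailer\n<< /Info 1 0 R >>\n%%EOF\n"
)
SCRUBBED = (
    b"%PDF-1.4\n1 0 obj\n<< /Title (Invoice) /CreationDate (D:20240101000000Z) >>\n"
    b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(disclosed_tools(SAMPLE))
    print(disclosed_tools(SCRUBBED))
```

An empty result only means these two Info fields are absent; other parts of the file can still identify the generator.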