PostSscript files came from the same company in the 80's
-Adobe- and with GhostScript and zmachine.ps you can play Zork I-III, Calypso, Tristam Island and the rest of propietary Infocom text adventures on it with ease.
What zmachine.ps does is to emulate the ZMachine VM in PostScript and display the output to stdout/console.
And if it werent for the PS stack limitations for sure you could emulate Linux under Risc-V.
Heck, you can emulate old RISC Linux' syscalls (enough to run static binaries) in Perl without ever calling to C bindings, not even once.
> Just like Doom-in-a-PDF, this is in equal measure incredibly impressive and utterly horrifying that it's possible.
Yes but at the same time we now have options... For example it's now totally possible to do the following:
- intercept any PDF downloaded
- send it to a sandboxed app before opening
- open it from withing the sandbox
- headlessly screenshot every page to images
- pull the pictures (one per page) out of the sandbox
- reconstruct a similar PDF from the pictures
It's not hard and it can literally be vibe coded in a few prompts (because it's really not hard).
Some people are going to say: "But PDFs aren't supposed to be PICTURES, it has to be searchable, so we want our Turing-complete, exploits-ridden, 2 GB big PDF readers running as admin/root and we insist, we repeat INSIST, to have our ability to open any unkown PDF from any proprietary PDF readers for that is the way!".
Thing is: we know have tool that can extract text from pictures too and they work perfectly fine.
So, yup, the surface attack PDFs have is utterly horrifying but we're already at a point where we can just honey-badge any potentially evil PDF into a well-behaving one.
It's also all over LinkedIn. It's all just kind of super dumb imo. One of the worst offenders of note was this security person's ad-riddled regurgitation of it that they promoted on LinkedIn:
When I protested about their shitty website shoving ads down my throat, the answer was - I'm paraphrasing of course, but something along the lines of - of course I need ads! I have to cover the cost of my shitty WordPress site (and what are you even thinking to question that!!?? You outta ur mind or somethin?)
I felt like I was indeed stuck with her in 2010 after that...
22 comments
What zmachine.ps does is to emulate the ZMachine VM in PostScript and display the output to stdout/console.
And if it werent for the PS stack limitations for sure you could emulate Linux under Risc-V.
Heck, you can emulate old RISC Linux' syscalls (enough to run static binaries) in Perl without ever calling to C bindings, not even once.
> Just like Doom-in-a-PDF, this is in equal measure incredibly impressive and utterly horrifying that it's possible.
Yes but at the same time we now have options... For example it's now totally possible to do the following:
It's not hard and it can literally be vibe coded in a few prompts (because it's really not hard).Some people are going to say: "But PDFs aren't supposed to be PICTURES, it has to be searchable, so we want our Turing-complete, exploits-ridden, 2 GB big PDF readers running as admin/root and we insist, we repeat INSIST, to have our ability to open any unkown PDF from any proprietary PDF readers for that is the way!".
Thing is: we know have tool that can extract text from pictures too and they work perfectly fine.
So, yup, the surface attack PDFs have is utterly horrifying but we're already at a point where we can just honey-badge any potentially evil PDF into a well-behaving one.
Perhaps that's due to the nature of the method of execution? But I wouldn't run that…
edit: +possibly
>
butwhy.gifcomment.svg
https://hackingpassion.com/linux-inside-pdf/
When I protested about their shitty website shoving ads down my throat, the answer was - I'm paraphrasing of course, but something along the lines of - of course I need ads! I have to cover the cost of my shitty WordPress site (and what are you even thinking to question that!!?? You outta ur mind or somethin?)
I felt like I was indeed stuck with her in 2010 after that...
Previous discussion: https://news.ycombinator.com/item?id=42959775
Linux Running in a PDF - https://news.ycombinator.com/item?id=42959775 - Feb 2025 (104 comments)
Please submit the original source. If a post reports on something found on another site, submit the latter.
https://news.ycombinator.com/newsguidelines.html
> Note: This PDF only works in Chromium-based browsers.
I thought that PDF was some sort of open standard.