PostSscript files came from the same company in the 80's
-Adobe- and with GhostScript and zmachine.ps you can play Zork I-III, Calypso, Tristam Island and the rest of propietary Infocom text adventures on it with ease.
What zmachine.ps does is to emulate the ZMachine VM in PostScript and display the output to stdout/console.
And if it werent for the PS stack limitations for sure you could emulate Linux under Risc-V.
Heck, you can emulate old RISC Linux' syscalls (enough to run static binaries) in Perl without ever calling to C bindings, not even once.
> Just like Doom-in-a-PDF, this is in equal measure incredibly impressive and utterly horrifying that it's possible.
Yes but at the same time we now have options... For example it's now totally possible to do the following:
- intercept any PDF downloaded
- send it to a sandboxed app before opening
- open it from withing the sandbox
- headlessly screenshot every page to images
- pull the pictures (one per page) out of the sandbox
- reconstruct a similar PDF from the pictures
It's not hard and it can literally be vibe coded in a few prompts (because it's really not hard).
Some people are going to say: "But PDFs aren't supposed to be PICTURES, it has to be searchable, so we want our Turing-complete, exploits-ridden, 2 GB big PDF readers running as admin/root and we insist, we repeat INSIST, to have our ability to open any unkown PDF from any proprietary PDF readers for that is the way!".
Thing is: we know have tool that can extract text from pictures too and they work perfectly fine.
So, yup, the surface attack PDFs have is utterly horrifying but we're already at a point where we can just honey-badge any potentially evil PDF into a well-behaving one.
It's also all over LinkedIn. It's all just kind of super dumb imo. One of the worst offenders of note was this security person's ad-riddled regurgitation of it that they promoted on LinkedIn:
When I protested about their shitty website shoving ads down my throat, the answer was - I'm paraphrasing of course, but something along the lines of - of course I need ads! I have to cover the cost of my shitty WordPress site (and what are you even thinking to question that!!?? You outta ur mind or somethin?)
I felt like I was indeed stuck with her in 2010 after that...
Post is new but the original PDF is from 2025:
Previous discussion: https://news.ycombinator.com/item?id=42959775
seems like an account reposting stuff to get attention to advertise his AI stuff.
What? I thought the idea of running Linux in a PDF was pretty cool. Apologies if that bummed your day.
And here's the PDF: https://linux.doompdf.dev/linux.pdf
> Note: This PDF only works in Chromium-based browsers.
I thought that PDF was some sort of open standard.
Is there a writeup somewhere on how it works?
Is it turing complete, runs actual linux binary through wasm or something
edit: went to tweet RISC-V emulator in PDF
What reasonably competent PDF-reader applications are not competent enough be Turing-complete?
Just like Doom-in-a-PDF, this is in equal measure incredibly impressive and utterly horrifying that it's possible.
PostSscript files came from the same company in the 80's -Adobe- and with GhostScript and zmachine.ps you can play Zork I-III, Calypso, Tristam Island and the rest of propietary Infocom text adventures on it with ease.
What zmachine.ps does is to emulate the ZMachine VM in PostScript and display the output to stdout/console.
And if it werent for the PS stack limitations for sure you could emulate Linux under Risc-V.
Heck, you can emulate old RISC Linux' syscalls (enough to run static binaries) in Perl without ever calling to C bindings, not even once.
> Just like Doom-in-a-PDF, this is in equal measure incredibly impressive and utterly horrifying that it's possible.
Yes but at the same time we now have options... For example it's now totally possible to do the following:
It's not hard and it can literally be vibe coded in a few prompts (because it's really not hard).Some people are going to say: "But PDFs aren't supposed to be PICTURES, it has to be searchable, so we want our Turing-complete, exploits-ridden, 2 GB big PDF readers running as admin/root and we insist, we repeat INSIST, to have our ability to open any unkown PDF from any proprietary PDF readers for that is the way!".
Thing is: we know have tool that can extract text from pictures too and they work perfectly fine.
So, yup, the surface attack PDFs have is utterly horrifying but we're already at a point where we can just honey-badge any potentially evil PDF into a well-behaving one.
butwhy.gif
People keep being amazed that Turing-complete mechanisms can run any program. ;)
Why climb Mount Everest? Because it's there.
>butwhy.gif
comment.svg
This is a low effort blogspam. (Twitterspam?)
It's also all over LinkedIn. It's all just kind of super dumb imo. One of the worst offenders of note was this security person's ad-riddled regurgitation of it that they promoted on LinkedIn:
https://hackingpassion.com/linux-inside-pdf/
When I protested about their shitty website shoving ads down my throat, the answer was - I'm paraphrasing of course, but something along the lines of - of course I need ads! I have to cover the cost of my shitty WordPress site (and what are you even thinking to question that!!?? You outta ur mind or somethin?)
I felt like I was indeed stuck with her in 2010 after that...
Can we use it as an AI sandbox!