[PATCH] Seccomp sandbox support for pdftotext
Submitted by valo
Assigned to poppler-bugs
Link to original bug (#100224)
Description
Created attachment 130253 seccomp support for pdftotext
Since some of the poopler tools, like pdftotext are used by some file managers to automatically parse pdf files for preview, I thought it might be a good idea to use some sandboxing.
This is a patch that adds seccomp filter to pdftotext. This can also be applied to the other tools that poppler provides, reducing the risk of successful exploitation of poppler (and other used library) vulnerabilities significantly.
I found this quite easy to apply and would be happy to help if you are interested in using this.
This patch can be applied to poppler 0.52.0 without further changes
Patch 130253, "seccomp support for pdftotext":
pdftotext_seccomp.patch