Log of #ghostscript at irc.freenode.net.

20200205
Gitinh4 hey kens, how you doing? I tried to use the gs commandline to generate a pdf and then edit it with the /XObject, well seems that doing such change breaks the whole xref pointer and I still can not come up with the exact offset. Look at the example here: https://dpaste.org/0Ybo/raw 10:11.45 
kens PDF files are binary files, and they cannot readily be edited.10:12.22 
  If you change the number of bytes in the file then you must recalculate at least some of the offsets in the xref table, possibly all of them.10:13.01 
  Figuring out the offset is not hard, open the file in a binary editor, find the offset of for example the x in xref, that's the value for 'startxref'10:13.34 
  For other objects it's the offset of the object number eg the 1 in 1 0 obj10:13.54 
  I can't tell you what the values in your xref table should be because this is a pastebin, so I have no idea what the line endings are, whether the white spaces are spaces or tabs, etc.10:14.34 
  Out for a couple of hours10:28.02 
weijunli hey chrisl, around?12:51.05 
  i think ive solved the offset thing but now i bumped into something else12:51.18 
chrisl weijunli: And?13:01.34 
weijunli chrisl, it seems to be a valid .pdf now at least i can open it.. but it doesnt create the output1.txt declared on the XObject13:02.10 
chrisl What are you using to open it?13:02.46 
weijunli default pdf viewer from ubuntu 16.0413:05.37 
  ´Document Viewer´13:05.51 
chrisl So, no Postscript interpreter then13:06.06 
weijunli Oh.. can you suggest a viewer with ps interpreter that i can just apt install ?13:07.18 
chrisl The only one around is Ghostscript13:07.32 
weijunli hmm13:08.23 
  I got **** Error: stream Length incorrect.13:08.25 
  Output may be incorrect.13:08.26 
  how do i calc the exact stream len?13:08.50 
chrisl No one is going to devote time to implementing Postscript inside PDF to support a feature deprecated since 200113:08.51 
  weijunli: It's the number of bytes in the stream13:09.21 
  weijunli: This is all covered in the PDF spec13:09.54 
weijunli It says Page 1 has stream length incorrect13:14.20 
  but i didnt set any stream on Page 1 though13:14.28 
chrisl 5 0 obj13:15.41 
  <</Length 30>>13:15.41 
  Object 5 is the content stream for the first page13:16.16 
  Hence the warning is *very* clearly correct13:16.36 
weijunli Length 0 is the right size?13:18.30 
chrisl "Length integer (Required) The number of bytes from the beginning of the line fol-13:19.00 
  lowing the keyword stream to the last byte just before the keyword13:19.00 
  endstream . (There may be an additional EOL marker, preceding13:19.00 
  endstream , that is not included in the count and is not logically part13:19.00 
  of the stream data.) See “Stream Extent,” above, for further discus-13:19.00 
weijunli chrisl, I can run the pdf with `gs my.pdf` without any errors but still doesnt create the file13:23.47 
chrisl weijunli: Well, I say that Postscript XObjects have been "deprecated since 2001 and disabled since 2008"13:24.59 
weijunli in order to test if it is indeed working properly I'd need to downgrade the gs to a 2000 version?13:26.28 
  Also, what are the objects that replaced the XObjects? By replace I mean, the language that has similar features as PS and still supported on pdfs ?13:27.03 
chrisl weijunli: I think we're done here: none of this is relevant to subject of this channel13:29.12 
  If you want to run Postscript, run a Postscript file.13:29.37 
weijunli Different subjects same course though, ppl might be interested in such discussions as anyone is really asking any questions besides me13:32.49 
  and i pretty much believe this is one of the best # to do it, in this matter13:33.04 
  Im reading the PDF 1.7 official doc, and it has a page dedicated to postscript compatibility. Is Xobject completely deprecated or there's few features that still work?13:34.04 
chrisl *Postscript* XObjects are completely deprecated - in fact, I'm not sure Acrobat has *ever* supported them13:34.50 
kens I think they've been removed altogether from the current (PDF 2.0) specification13:35.22 
chrisl There *might* be at most 4 PDF implementation around the world that actually *ever* supported them13:35.38 
  And definitely only one open source implementation.....13:36.30 
weijunli Got it.. Where can I see all /Types supported by a pdf ? I am interested in seeing what stream data (languages I can put in a pdf)13:39.09 
  also, is the -dSAFER sandbox escape reported by `Taviso` still work on the version GPL Ghostscript 9.26 (2018-11-20) ?13:40.00 
  Another thing, the XObject may be removed on 2.0 but there are a lot of docs that still use other pdf versions like 1.7, 1.413:43.16 
  how that works out?13:43.34 
chrisl Given that no widely used PDF consumers ever supported Postscript XObjects, it really makes no difference13:45.04 
weijunli chrisl, are you the guy that committed the fix for Tavis bug right13:48.03 
chrisl Which Tavis bug? There were several. I did most of them, I think, but others were involved, too13:48.44 
weijunli https://www.openwall.com/lists/oss-security/2018/10/09/4 13:49.05 
chrisl Yes, that was me13:49.48 
weijunli that exploit works on the version i said above? 13:50.06 
chrisl No13:50.27 
weijunli Any public exploit that does work on that version? thats the version the internal app I told about uses.13:52.31 
chrisl There probably are, yes. Although, even if you enable Postscript XObjects in PDF, I doubt any of the exploits will work as they were reported13:54.14 
kens I'm reasonably certain the ones that rely on exploiting the error handler won't work, since the PDF interpreter runs a lot of stuff in stopped and therefore doesn't invoke the error handler. Even if it did, the stack shape (which the exploit relies on) will likely be different13:55.43 
  Making a PS XObject is not a good way to test a PostScript exploit13:56.03 
weijunli hmm. I´d appreciate if you guys could share some material to get a bigger picture. Only public stuff ofc.13:57.27 
kens I think we've gone about as far as we can. If you want to test one of the public exploits, try it in PostScript, not PDF.13:58.00 
weijunli I understand.. I tried the exploit on that link on the version I said, and I get Error: /undefined in GS_PDF_ProcSet13:59.07 
kens Yep13:59.19 
  We hid the definition of the ProcSet as part of one of the fixes13:59.30 
weijunli Alright. Thanks a lot ;) will poke around a little bit14:00.15 
chrisl If you're using a Linux distro package of gs, it may well have been patched with the security fixes as they were published14:00.19 
kens Yes, that's a good point.14:00.36 
weijunli Cool. Thanks for your attention14:01.03 
chrisl And understanding the way the exploits work would mean a pretty deep understanding of Postscript, and some specifics about the Ghostscript implementation14:01.38 
  And *then* understanding why it wouldn't work in a PDF would mean getting at least some understanding of the Ghostscript PDF interpreter14:02.18 
kens That would be 'challenging'14:02.33 