The days that PDFs were the granny-proof Swiss Army knives of document sharing are definitely over, according to [vk6]. He has managed to pull off the ultimate mind-bender: running Linux inside a PDF file. Yep, you read that right. A full Linux distro chugging along in a virtual machine all encapsulated within a document. Just when you thought running DOOM was the epitome of it. You can even try it out in your own browser, right here. Mind-boggling, or downright Pandora’s box?
Let’s unpack how this black magic works. The humble PDF file format supports JavaScript – with a limited standard library, mind you. By leveraging this, [vk6] managed to compile a RISC-V emulator (TinyEMU) into JavaScript using an old version of Emscripten targeting asm.js instead of WebAssembly. The emulator, embedded within the PDF, interfaces with virtual input through a keyboard and text box.
The graphical output is ingeniously rendered as ASCII characters – each line displayed in a separate text field. It’s a wild solution but works astonishingly well for something so unconventional.
Security-wise, this definitely raises eyebrows. PDFs have long been vectors for malware, but this pushes things further: PDFs with computational power. We know not to trust Word documents, whether they just capable of running Doom, or trash your entire system in a blink. This PDF anomaly unfolds a complete, powerful operating system in front of your very eyes. Should we think lightly, and hope it’ll lead to smarter, more interactive PDFs – or will it bring us innocent looking files weaponized for chaos?
Curious minds, go take a look for yourself. The project’s code is available on GitHub.
Note: the PDF only works inside Chromium-based browsers. [Whew – I’m safe, Firefox here!]
You know what other document format has support for arbitrary embedded javascript? HTML. Pretty sure that works inside Firefox.
Ah, thats why Firefox and also Evince said “Nope” to this.
First we get a BASIC interpreter running in BASIC, now Linux running in PDFs. Is this Inception week?
Running Doom in the Linux emulator would be inception
Exactly! But how should we run Doom? Easiest way would be to open the doom pdf in linux running inside the pdf I guess :p
obviously :D
Has someone implemented a pregnancy test virtual machine that runs in linux-in-pdf yet?
Doom, in WINE, in Linux, in .pdf…
On a mac.
Dunno, i was ten years in cyber security and this gives me headaches. Good thing then that my default PDF readers everywhere are not executing the JS stuff.
Now port a PDF reader to it
“Yo, dawg, I heard you like PDFs…”
If the pdf interpreter correctly sandboxes the content it should all be ok.
Decades ago i had a root window in a linux machine inside an emulator… All it did was scare the hell out of our sysop…
“If the pdf interpreter correctly sandboxes the content it should all be ok.”
You know…? It used to be: “If the operating system correctly sandboxes the content it should all be ok. But we could never trust the operating system to correctly sandbox content.
So, as the pdf interpreter runs on top of an operating system, and the pdf interpreter makes use of the operating system’s functions, it will be impossible for the pdf interpreter to correctly sandbox content, as it uses operating system calls that are not correctly sandboxed.
There’s a vacuously true conditional if I’ve ever seen one!
So this suggests I should add a bitcoin miner to all the PDFs I send out?
So what’s this new-hotness document format that replaced PDF?
Has the world finally decided to like TeX? Is the FOSS community doing that cognitive dissonance thing where it thinks .doc files are cool? Has Google — sorry, what is it today.. Alphabet? — come out with another “this is entirely about giving us more control over the internet but we promise it won’t end up in the graveyard of all our other 800-pound gorilla projects once we get tired of it” deal like WebP or that “use this instead of links” thing? Or has someone just been huffing shop chemical fumes long enough to think HTML is a page layout system?
Forget Doom. Characters? Maybe run NetHack/Rogue/Hack on the PDF page?
Imagine a PDF with an embedded AI that can explain the contents of the PDF to you.
Why not use Open XPS or DjVu instead of PDF?