[pdftex] PTEX.FileName contains file system information

Stephan Hennig mailing_list at arcor.de
Sun Aug 5 12:48:07 CEST 2007 

Reinhard Kotucha schrieb:

>  >> /PTEX.FileName (pic.pdf)
>  
>  > That is, the names of imported pdf files can be seen in the output file
>  > by inspecting it with an editor.  What is the rationale for putting file
>  > system related information into pdf output?
>  
> This information can be used by a PDF post-processor in order to
> process included graphics separately.

Is the file name really needed if the files are already included?

I wonder how many people make use of such a feature.


> I assume that you have document security in mind.  But /PTEX.FileName
> is only one issue.  You can always convert a PDF file to PS, edit the
> PS file, and convert it back to PDF.

Well, that answers the next question:  How to remove that line from pdf
documents?  Is that the recommended way (or as James pointed out a
script)?  If so, it actually required me to do any post-processing at
all.  That's why I propose to write the /PTEX.FileName line only on
explicit request.


> If you are concerned about security you should encrypt the file.
> This is the only way to make a PDF file "readonly".  A very good tool
> is pdftk.

What kind of encryption do you have in mind (I do not really know much
about PDF encryption)?  Does Adobe's access control prevent someone from
looking at a file with an editor?

Speaking about file encryption, for most of my files, I do not like to
distribute a password along with the file.  Anybody, even search
engines, should by able to read the files I put into public without any
barrier.

But I'm concerned about pdfTeX unintentionally revealing:

(a)  file naming conventions,
(b)  infrastructure information,
(c)  identity information.

Keep in mind that some kinds of attack with restricted file system
access need to know absolute or relative file paths.  Together with the
knowledge about file naming conventions arbitrary files could
possibly be accessed, e.g., when a new security leak is found in web
browsers.

I'd classify all those information as private and would like to see
pdfTeX being as carefully with private information as possible.


> I suggest to leave things as they are.

As a minimum solution, I propose providing a convenient way to suppress
that line being written.  That is, a pdfTeX option that had to be set
for every pdfTeX run individually wouldn't help much.

Again, I'd prefer to only write that line on request.

Best regards,
Stephan Hennig

More information about the pdftex mailing list