Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: pdf forms bricked a user

  1. #1

    Default pdf forms bricked a user

    I had two (sometimes more) pdf files with forms open. One of the pdf files was

    http://forms.marylandtaxes.com/16_forms/502.pdf

    I copied the original to another file. When I opened the file to update, I found the original file had the changes too. Looks like they share a common work area. (?)

    But then the real excitement started. The kwrite program would not start. After clicking the text file several times it would finally come up. But eventually it would not start at all. And then other programs from the kicker would not start. Sometimes with a "can't start..." message, other times with no message. Just dumb.

    I did see one message that was more meaningful. Something about x-something maximum number of logins reached. I only had about 3 dolphins, ksysguard, and the several pdf files open. So I can't make sense out of that.

    It finally got to the point where nothing would start, and no message. Even after a reboot. The user is bricked.

    Luckily, I had a different unused user defined that I could use to create a new user. And copy the stuff from the bricked user, change the owner, etc...

    If it hadn't been for that unused user, the whole system would have been bricked. Because it will not allow login as root after a boot.

    Please don't ask me to duplicate this error. I don't want find out if this might expand to bricking the whole file system.


    I see two issues here:

    1) Whatever is going wrong with pdf forms needs to be fixed. That's a critical bug, seeing that it bricks users.

    2) OpenSUSE should not allow a system to be installed with just one user. If that one user gets bricked, then the whole system is bricked. (I understand the security concerns of root. But at least two normal and working users should always be there. Automatically create one called admin or something. You can switch to root once you login.)

  2. #2
    Join Date
    Mar 2015
    Location
    Viçosa, Brasil
    Posts
    263

    Default Re: pdf forms bricked a user

    Try open kwrite through the terminal to see what's going on.
    --
    Biostatistics and Data Science
    https://bio-data.github.io/

  3. #3

    Default Re: pdf forms bricked a user

    On 04/19/2017 09:16 AM, LouBryan wrote:

    > But then the real excitement started. The kwrite program would not
    > start. After clicking the text file several times it would finally come
    > up. But eventually it would not start at all. And then other programs
    > from the kicker would not start. Sometimes with a "can't start..."
    > message, other times with no message. Just dumb.
    >
    > I did see one message that was more meaningful. Something about
    > x-something maximum number of logins reached. I only had about 3
    > dolphins, ksysguard, and the several pdf files open. So I can't make
    > sense out of that.
    >
    > It finally got to the point where nothing would start, and no message.
    > Even after a reboot. The user is bricked.


    What do you see at the command line logging in as the user? That
    X/Gnome/KDE may be hosed, I do not doubt, but that the whole user is
    actually broken seems beyond reason, so let's figure it out. Once you
    login to the command line as that user, maybe you can run 'startx' (does
    that still work? hope so) to start the GUI and get some new error message
    from the X environment.

    > Luckily, I had a different unused user defined that I could use to
    > create a new user. And copy the stuff from the bricked user, change the
    > owner, etc...
    >
    > If it hadn't been for that unused user, the whole system would have been
    > bricked. Because it will not allow login as root after a boot.


    That's pretty unlikely; even if you had completely destroyed all users,
    you could still get in in recovery mode; if you use BtrFS you could
    presumably roll back the system side of things (not the user part) and get
    the system itself back.

    > Please don't ask me to duplicate this error. I don't want find out if
    > this might expand to bricking the whole file system.


    Also highly unlikely unless you run as 'root' which is crazy.

    > I see two issues here:
    >
    > 1) Whatever is going wrong with pdf forms needs to be fixed. That's a
    > critical bug, seeing that it bricks users.


    If it does break the X environment somehow, then I agree that's pretty
    bad. Since we do not have a lot to go on except "a PDF caused a problem
    far beyond what should have been possible", we should probably start with
    duplicating the problem.

    > 2) OpenSUSE should not allow a system to be installed with just one
    > user. If that one user gets bricked, then the whole system is bricked.
    > (I understand the security concerns of root. But at least two normal
    > and working users should always be there. Automatically create one
    > called admin or something. You can switch to root once you login.)


    This may seem logical at first, but it definitely is not. You can always
    recover a system with rescue media; you can roll back the system with
    BtrFS snapshots. You can go to single-user mode (assuming you have
    physical access or equivalent) and modify files without using any "user".
    Creating two users just means two attack surfaces, two prompts during
    setup, and no net benefit. 'root' could be used for this, but ideally
    'root' has no password, but you always have options to get to your data in
    Linux unless you munge the hard drive or lose your encryption key (if you
    use encryption).

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  4. #4

    Default Re: pdf forms bricked a user

    I mean tot ask: which exact version of openSUSE are you use? Any comments
    on the patches applied recently? Had you logged out and back in after
    applying any patches? Do you use Gnome or KDE? Which program did you use
    to open the PDF in the first place?

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  5. #5
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: pdf forms bricked a user

    I'm not sure why you tried to open a pdf file with kwrite?
    kwrite does not support pdf files and a large binary file might cause kwrite (and the plasma desktop) to freeze
    it's quite possible kwrite/plasma destroyed some config file you're better off with a clean user account and don't use a text editor for pdf forms
    afaik there are 4 ways to fill out pdf forms on opensuse
    #1 using chromium with the pdf plugin which is open sourced now and comes bundled with chromium and it's based on the foxit sdk
    #2 with mupdf, but mupdf form support is pretty basic
    #3 by using the abandoned and unsupported adobe reader 9 you can find it with a google search it's on adobe's public ftp I'm not sure the last version of opensuse that shipped it but it's 32bit and abandoned
    #4 by using the Foxit reader for Linux it comes as a binary blob but it has a 64 bit build and supports pdf forms, I'm not posting links you can find it with google

  6. #6

    Default Re: pdf forms bricked a user

    I do not think that LouBryan meant the files were opened with kwrite, but
    just that kwrite stopped would not work properly after the PDFs were used
    with whatever program WAS used.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  7. #7
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: pdf forms bricked a user

    that's how I understood it the OP wasn't clear enough as the title is pdf forms and the only application he mentions is kwrite
    could a 3rd party pdf viewer destroyed his plasma config files?
    maybe, but as opensuse only comes with chromium and mupdf that have some sort of pdf forms support I really doubt that they're the culprits
    I did open the linked document and had no issues so I don't think it was a malicious pdf file
    there was a large security hole regarding pdf's found in openjpeg (it's used for jpeg2000 compressed images in pdf's)
    http://www.securityweek.com/openjpeg...us-image-files
    even tho the LEAP version of openjpeg is at 2.1.0 I do think they backported the security fixes from 2.1.2
    (fingers crossed)

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,823
    Blog Entries
    1

    Default Re: pdf forms bricked a user

    Quote Originally Posted by I_A View Post
    that's how I understood it the OP wasn't clear enough as the title is pdf forms and the only application he mentions is kwrite
    could a 3rd party pdf viewer destroyed his plasma config files?
    maybe, but as opensuse only comes with chromium and mupdf that have some sort of pdf forms support I really doubt that they're the culprits
    I did open the linked document and had no issues so I don't think it was a malicious pdf file
    there was a large security hole regarding pdf's found in openjpeg (it's used for jpeg2000 compressed images in pdf's)
    http://www.securityweek.com/openjpeg...us-image-files
    even tho the LEAP version of openjpeg is at 2.1.0 I do think they backported the security fixes from 2.1.2
    (fingers crossed)
    Yes, and from in link in the Wikileaks Vault 7 (CIA dump) which pointed to a publicly available slide presentation from SYSCAN 360 2014 about how bad AV software can and has been, there is an interesting part about malformed PDF files which can result in owning a machine... but a FYI is that not all such incidents are intentional... There can be coding accidents, random corruptions and other misc things that can happen that might result in a simple system freeze instead. This kind of stuff might make a User paranoid.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,729

    Default Re: pdf forms bricked a user

    Quote Originally Posted by I_A View Post
    afaik there are 4 ways to fill out pdf forms on opensuse
    #1 using chromium with the pdf plugin which is open sourced now and comes bundled with chromium and it's based on the foxit sdk
    #2 with mupdf, but mupdf form support is pretty basic
    #3 by using the abandoned and unsupported adobe reader 9 you can find it with a google search it's on adobe's public ftp I'm not sure the last version of opensuse that shipped it but it's 32bit and abandoned
    #4 by using the Foxit reader for Linux it comes as a binary blob but it has a 64 bit build and supports pdf forms, I'm not posting links you can find it with google
    I am not doing it that often, but I use Okular.
    Henk van Velden

  10. #10
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: pdf forms bricked a user

    I've never used pdf forms and I thought Okular didn't support them
    but apparently Okular supports pdf forms since version 0.7 and the LEAP version 1.0 supports them

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •