I've been reading about this Google/China episode and it seems that one of the attack vectors used was embedding code (JavaScript, I believe) into PDF documents. This has me worried; I surely don't want any PDF documents executing code on my machine unless I explicitly say so. I run all Linux systems though, so is a simple chmod -x doc.pdf good enough? (Not that any of my PDF files have exec privs anyway.)
Are there any tools out there to scan for PDFs with embedded code? I'm looking for Linux tools, but if anyone knows of any Windows tools for this, I'm sure others would find them useful.
Also, the reader I use now is evince, does anyone know if evince even executes code embedded in PDFs? There's no option to turn it off and evince generally seems to be minimalistic so I suspect not.
The execute bit on the filesystem will not make a difference for this problem. The execution happens within the reader application. The reader is then dealing with the content that has been loaded, and if that content has javascript it will execute. This is the same scenario as opening an HTML page in a browser. The HTML page doesn't need execute set in order to run the javascript.
As for evince, I don't know for sure...but I think you are correct that it doesn't deal w/ embedded javascript in PDFs.
An antivirus program should handle this case, and there are of course plenty of those for Windows. Since PDF files are nowadays a pretty common attack vector, PDF file scanning is a standard feature of these products. It won't give you a contains code/does not contain code answer, but it will block or remove files that contain known or potential exploits.
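An added example, not part of any of the posts above: a small Python triage script that gives the "contains code / does not contain code" indication the question asks for, by counting the name tokens PDF uses for JavaScript and automatic actions in a file's raw bytes. The sample byte strings are constructed, and names inside compressed object streams are invisible to this scan, so a nonzero /ObjStm count means the file needs a full parser.

```python
import re
import sys

# Name tokens PDF uses for script and automatic actions.
ACTIVE = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch")
# Object streams are compressed; names inside them are invisible to a raw scan.
OPAQUE = ("/ObjStm",)

# A PDF name is "/" plus any run of non-delimiter, non-whitespace bytes.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples, not taken from any real document.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_JS = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(\"hi\"\\);) >>\nendobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is recognised as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count occurrences of each watched name token in raw PDF bytes."""
    counts = {name: 0 for name in ACTIVE + OPAQUE}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def has_active_content(data: bytes) -> bool:
    """True if any script or auto-action token is present."""
    counts = scan_pdf_bytes(data)
    return any(counts[name] for name in ACTIVE)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = {k: v for k, v in scan_pdf_bytes(fh.read()).items() if v}
        print(path, found or "no watched tokens")
```

A hit is a reason to inspect the file further, not proof of malice: form-filling scripts trigger the same tokens as hostile ones.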
I can inform you that Google Chrome's built-in PDF viewer does not run JavaScript at the moment.
This is a problem for me as I am trying to use this code to fill in form fields, but may be of interest to you in preventing possible malicious attacks.