[opensuse-security] disabling javascript on acroread
The latest acroread bug
http://www.adobe.com/support/security/advisories/apsa09-01.html
makes me wonder if there is a way of disabling javascript on a systemwide basis for acroread and the acroread browser plug-in.

I have done some googling and there is plenty of advice on disabling it for an individual via the GUI but I would like to do it centrally for 300 users who are not very good at reading email.

I also tried making the change for my own username and trying to see which files had changed, but lots of files changed and it wasn't clear which was relevant.

Any suggestions?

Thanks,
Bob

On Mon, Feb 23, 2009 at 11:32:06AM +0000, Bob Vickers wrote:
> The latest acroread bug
> http://www.adobe.com/support/security/advisories/apsa09-01.html
> makes me wonder if there is a way of disabling javascript on a systemwide basis for acroread and the acroread browser plug-in.
>
> I have done some googling and there is plenty of advice on disabling it for an individual via the GUI but I would like to do it centrally for 300 users who are not very good at reading email.

Acrobat implements many features (including javascript) as plugins. The javascript plugin is called EScript.api and is located in the plug_ins directory of the acrobat installation. I'm not sure for current suse systems, but here it's located in /usr/lib/Adobe/Reader8/Reader/intellinux/plug_ins/.

If you remove the EScript.api file from the plug_ins directory, Acrobat can't use javascript anymore. Although strongly recommended for security reasons, you should be aware that there are side effects (many other plugins depend on javascript).

HTH,
Michel

--
~> rpm -q --whatrequires linux
no package requires linux
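
The removal described in the reply above, written as a script that can be pushed to every machine and re-run after package updates. This is an added example, not part of the original thread: the default path is the one quoted in the reply, while the `plug_ins.disabled` holding directory and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: move EScript.api out of Reader's plug_ins directory (reversible).
# Default path is the one quoted in the thread; override PLUGIN_DIR for other installs.
PLUGIN_DIR="${PLUGIN_DIR:-/usr/lib/Adobe/Reader8/Reader/intellinux/plug_ins}"
# Hypothetical holding directory, created next to plug_ins (not inside it).
DISABLED_NAME="plug_ins.disabled"

# escript_status DIR -> prints "enabled", "disabled" or "missing"
escript_status() {
    dir="$1"
    if [ -e "$dir/EScript.api" ]; then
        echo enabled
    elif [ -e "$(dirname "$dir")/$DISABLED_NAME/EScript.api" ]; then
        echo disabled
    else
        echo missing
    fi
}

# disable_escript DIR -> move the plug-in aside; safe to run repeatedly
disable_escript() {
    dir="$1"
    hold="$(dirname "$dir")/$DISABLED_NAME"
    [ -d "$dir" ] || { echo "no plug_ins directory: $dir" >&2; return 2; }
    if [ -e "$dir/EScript.api" ]; then
        mkdir -p "$hold" || return 1
        # -f replaces an older saved copy, e.g. after an update restored the plug-in
        mv -f "$dir/EScript.api" "$hold/EScript.api" || return 1
    fi
    # Succeed only if the plug-in is really gone from the live directory
    [ ! -e "$dir/EScript.api" ]
}

# enable_escript DIR -> put the saved plug-in back
enable_escript() {
    dir="$1"
    hold="$(dirname "$dir")/$DISABLED_NAME"
    [ -e "$hold/EScript.api" ] || return 1
    mv "$hold/EScript.api" "$dir/EScript.api"
}

# As root on each machine: sh disable-escript.sh apply
if [ "${1:-}" = "apply" ]; then
    disable_escript "$PLUGIN_DIR" && echo "EScript.api: $(escript_status "$PLUGIN_DIR")"
fi
```

Because a package update can put EScript.api back, `escript_status` is the check to run periodically; a result of `enabled` means the removal has to be applied again.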
participants (2): Bob Vickers, Michel Messerschmidt