Linux Runs Inside PDF File, Raises Security Concerns

A researcher has achieved the astonishing feat of running a full Linux distro inside a PDF file using emulation. The PDF file contains a JavaScript-based RISC-V emulator, which takes user input and renders graphical output as ASCII characters.

The project uses an old version of Emscripten to compile a RISC-V emulator into JavaScript, allowing it to run within the limited JavaScript standard library available inside a PDF. This lets users interact with the Linux system via a keyboard and text box.

However, this achievement raises significant security concerns. PDFs have long been vulnerable to malware, but this project takes it further by introducing computational power to the mix. The researcher’s work highlights the potential for malicious use of interactive PDFs, which could be exploited to launch attacks or spread malware.
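For defenders triaging interactive PDFs like this one, a first check is whether a file carries script or automatic-action keys at all. The Python below is an added example, not code from the project: it counts those PDF dictionary keys, decodes `#xx`-escaped names, and also looks inside Flate-compressed streams. The sample byte strings are constructed, and the check is a heuristic (other stream filters and encryption are not handled).

```python
import re
import zlib

# PDF dictionary keys that signal scripting, automatic actions or forms.
ACTIVE_KEYS = ("JS", "JavaScript", "OpenAction", "AA", "AcroForm")
# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def decode_name(raw):
    """Undo #xx hex escapes so /J#61vaScript is read as JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def inflate_streams(data):
    """Return the contents of every stream that zlib (FlateDecode) can inflate."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed, or another filter (not handled here)
    return out

def scan_pdf(data):
    """Count active-content keys in the raw bytes and in inflated streams."""
    counts = dict.fromkeys(ACTIVE_KEYS, 0)
    for blob in [data] + inflate_streams(data):
        for m in NAME_RE.finditer(blob):
            name = decode_name(m.group(1))
            if name in counts:
                counts[name] += 1
    return counts

def has_script(data):
    """True when the file references JavaScript anywhere the scan can see."""
    counts = scan_pdf(data)
    return counts["JS"] > 0 or counts["JavaScript"] > 0

# Constructed samples (not taken from the project's PDF).
SAMPLE_PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n")
SAMPLE_PACKED = (b"%PDF-1.7\n3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
                 + zlib.compress(b"<< /S /JavaScript /JS (var x = 1;) >>")
                 + b"\nendstream\nendobj\n")
SAMPLE_STATIC = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
```

A hit means the document is interactive and deserves closer inspection or a viewer with PDF scripting disabled; it does not by itself mean the file is malicious.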

The project’s code is available on GitHub, and users can test the PDF file in Chromium-based browsers. Notably, Firefox and other browsers have rejected the PDF due to security concerns.

As the technology continues to evolve, it’s essential to consider the implications of this innovation for document sharing and security. While it may lead to more interactive and engaging PDFs, it also introduces new risks that need to be addressed.

Source: https://hackaday.com/2025/02/10/nice-pdf-but-can-it-run-linux-yikes