8

When ever I use a browser reading PDF the acrobat plugin is used producing a file called C:\nppdf32Log\debuglog.txt in my home. Is there any way to prevent that this given file can be created? I mean I could create it with root permissions so that this file already exists but I want to silently vanish this file. I am using ext4.

Braiam
  • 35,991
math
  • 185
  • 2
    I would simply create a cron-job which deletes this file regularly. – jofel Apr 04 '13 at 09:41
  • Having a directory with that name is pretty good at preventing the file from being created, but that doesn't get you closer to not having the entry at all. I guess you could have a wrapper script around your browser that deletes that file on termination... – Ulrich Schwarz Apr 04 '13 at 10:26
  • 1
    I was wondering where that file came from! – Joe Apr 05 '13 at 18:51

1 Answers1

4

You should be able to achieve this with AppArmor, which allows one to block access based on pathname. File system type doesn't play any role in this case.

Another option is of course using another PDF viewer. If you insist on having it in the browser then for example Firefox from version 19 on has a built-in JavaScript one.

You can also hack the plugin as mentioned in the Ubuntu bug. I now remember doing that long time ago (either the bug has been there for ages or it has been reintroduced lately), when I was still using it. If you have Perl installed, you can "fix" the plugin with:

perl -p -e 's,C:\\nppdf32,/dev/null\0,' /usr/lib/browser-plugins/nppdf.so

(you may need to update the path to the file for your distribution).

peterph
  • 30,838
  • For completeness: There are other security frameworks like grsecurity, SELinux or SMACK. They should be able to do the same, but most of them are more difficult than AppAmor. – jofel Apr 04 '13 at 09:53
  • @jofel I'm not really sure SELinux would work in this case, since it uses inodes - and you don't know the inode before the file is actually created. It might work by preventing acroread from writing the parent directory (by inode), though. – peterph Apr 04 '13 at 09:57