> As I understand it, neither the SELinux nor seccomp methods catch the
> boundary errors. The boundary errors can still be used for exploits that
> display silly doodles in the Acroread window instead of displaying the
> PDF, for example.
Um, displaying content is not an exploit. Or if it is, the only secure PDF decoder is /dev/null.
I don't need to be a hacker to give you a PDF that displays a silly doodle. I can just create a pdf that embeds a silly doodle.