Hi Jim,

Am 06.05.21 um 15:08 schrieb Jim Jagielski:
> Once we tag HEAD of AOO41X to AOO4110

Can't wait! ;-)

I have dozens of commits to be backported to AOO41X...

Matthias

>
>> On May 6, 2021, at 8:28 AM, Matthias Seidel <matthias.sei...@hamburg.de> 
>> wrote:
>>
>> Hi all,
>>
>> Just a pragmatic question:
>>
>> When do we want to start working on AOO 4.1.11?
>>
>> The sooner we branch it, the sooner we can do Test builds and let people
>> see if their problem is fixed...
>>
>> Matthias
>>
>> Am 05.05.21 um 23:31 schrieb Peter Kovacs:
>>> On 05.05.21 22:11, Arrigo Marchiori wrote:
>>>> Hello Peter, all,
>>>>
>>>> On Wed, May 05, 2021 at 05:44:17PM +0000, Peter Kovacs wrote:
>>>>
>>>>> On 05.05.21 14:37, Arrigo Marchiori wrote:
>>>>>> Hello,
>>>>>>
>>>>>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:
>>>>>>
>>>>>>> The best approach I believe is to add a whitelist feature as for
>>>>>>> macro
>>>>>>> files.
>>>>>>>
>>>>>>> Users can add then the links they wish to approve.
>>>>>> Do you mean file-based whitelists instead of target-based?
>>>>>>
>>>>>> I will try to explain myself better: the current filter on AOO 4.1.10
>>>>>> is target-based, because it is the target of the link that triggers
>>>>>> the warning. Are you suggesting to add a whitelist based on files, for
>>>>>> example "allow any links in documents from this directory"?
>>>>>>
>>>>>> If so, would you use the same whitelist as for macros, or would you
>>>>>> introduce another one?
>>>>> I do not think that it makes sense to allow
>>>>> https://my.payload.crime/AOO_diskscrambler.ods to be seen as save
>>>>> target for
>>>>> opening and macro execution at the same time.
>>>>>
>>>>> Better is to have both separated. And the simple practicable
>>>>> solution is to
>>>>> just add an own list which allows targets to be listed.
>>>> I see.  But please let us distinguish targets and sources.
>>> Well, yea this is a nice abstraction I did not make. Good one.
>>>> The macros' whitelist contains _directories_ (I don't really like
>>>> calling them folders, I hope you don't mind) whose files are trusted,
>>>> with respect to macro execution.
>>> sure. Names are sound and smoke ;) - sorry can not resist this german
>>> IT idiom.
>>>> In your reply above you seem to discuss a whitelist of _link targets_?
>>>> Not documents, containing links that shall always be followed?
>>> Yes, I thought on the target of the link. For me was this the
>>> important trait.
>>>
>>> However if I think in which document I grant the security level. Hmm,
>>> I think this makes the whole concept a lot easier.
>>>
>>> Plus we would then one list. So we extend an existing feature.
>>>
>>>>> If we would want to have a vision, where we should develop to, this
>>>>> would be
>>>>> mine:
>>>>>
>>>>> We have One list and 2 properties. 1 property for hyperlink
>>>>> whitelisting,
>>>>> the other one for (macro) execution. I like our 4 security stages.
>>>> The four security levels currently available for macros, if I
>>>> understand correctly, are based on a combination of:
>>>>
>>>>   - digital signatures of the macros (signed or not),
>>>>   - trust of certain digital signatures (certificate trusted or not),
>>>>   - position of the document (directory whitelisted or not).
>>>>
>>>> This is... quite complex IMHO.
>>> That why I have written it is maybe a vision. And maybe it is to much.
>>>> Did you refer exactly to this model?
>>> yes kind of. I thought that a hyperlink has some sort of certiicate
>>> and an macro can have some certification and that is kind of the same
>>> thing...
>>>> Or
>>>> shall we rather adopt a simpler one for links, for example only
>>>> considering the directories whitelist?
>>> Now that I think on your approach I think we should only look at the
>>> directory that the document has been opened from. But still I would
>>> still rather configure it per directory, then in a general and work
>>> with exclusions.
>>>
>>> However this is maybe not so smart to implement now, since our profile
>>> is not robust enough. It will break eventually, and then all nice
>>> settings are lost. And that is not something I would like to have.
>>>
>>>> And to understand better: does AOO allow to sign individual macros? Or
>>>> just the document containing them? I don't think that it allows to
>>>> sign individual links within a document.
>>> No it would not sign individual links on the document.- But don't we
>>> have document signing?
>>>
>>> For links we could check if the document is signed.
>>>
>>>
>>> So summing up:
>>>
>>> # Instead of checking where the hyperlink is refering to, only check
>>> where the document has been stored. (Treat hyperlinks as macros so to
>>> say.)
>>>
>>> # As an enhancement we could add a model that checks for the nearest
>>> applicable path to the document, and applies that rule.
>>>
>>>>> Example for a customized setup on a POSIX filesystem (security level
>>>>> 3 =
>>>>> very high and 0 = low; first value is hyperlink, second value is macro
>>>>> execution of this origin):
>>>>>
>>>>> /tmp  (3,3) => Everything in the temp folder does not open links or
>>>>> execute
>>>>> macros
>>>>>
>>>>> ~/ (2,2) => something that is within the home path, but not a folder
>>>>> listed
>>>>> below, may execute signed macros or open targets that have a trusted
>>>>> certificate
>>>>>
>>>>> ~/Downloads (2,3) => Downloads may open Links with a trusted
>>>>> certificate but
>>>>> not allow to execute any macros
>>>>>
>>>>> ~/onlymystuff (0,0) => this is my documents and I allow everything
>>>>> possible
>>>>> here.
>>>>>
>>>>> ~/macro_examples (3,1) => delivered example I do not want them to
>>>>> execute,
>>>>> but they may be not linked by another document.
>>>>>
>>>>> ftps://securecontent.org ( 2,2) => this links pointing to this
>>>>> target are
>>>>> opened, and the downloaded file may execute macros if they are
>>>>> signed with a
>>>>> trusted key.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to