I think it is really important to not mix macro security with hyperlink 
security. We are discussing hyperlink security.

If you look into the bugzilla and the way we fixed the recently disclosed CVE 
you will find that mixing the two was how many of these issues have lingered 
for 15 years since OpenOffice.org 2.0 in roughly 2006.

Please discuss improvements with macros elsewhere.

Regards,
Dave

> On May 5, 2021, at 10:44 AM, Peter Kovacs <pe...@apache.org> wrote:
> 
> 
> On 05.05.21 14:37, Arrigo Marchiori wrote:
>> Hello,
>> 
>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:
>> 
>>> The best approach I believe is to add a whitelist feature as for macro
>>> files.
>>> 
>>> Users can add then the links they wish to approve.
>> Do you mean file-based whitelists instead of target-based?
>> 
>> I will try to explain myself better: the current filter on AOO 4.1.10
>> is target-based, because it is the target of the link that triggers
>> the warning. Are you suggesting to add a whitelist based on files, for
>> example "allow any links in documents from this directory"?
>> 
>> If so, would you use the same whitelist as for macros, or would you
>> introduce another one?
> 
> I do not think that it makes sense to allow 
> https://my.payload.crime/AOO_diskscrambler.ods to be seen as save target for 
> opening and macro execution at the same time.
> 
> Better is to have both separated. And the simple practicable solution is to 
> just add an own list which allows targets to be listed.
> 
> 
> If we would want to have a vision, where we should develop to, this would be 
> mine:
> 
> We have One list and 2 properties. 1 property for hyperlink whitelisting, the 
> other one for (macro) execution. I like our 4 security stages.
> 
> Example for a customized setup on a POSIX filesystem (security level 3 = very 
> high and 0 = low; first value is hyperlink, second value is macro execution 
> of this origin):
> 
> /tmp  (3,3) => Everything in the temp folder does not open links or execute 
> macros
> 
> ~/ (2,2) => something that is within the home path, but not a folder listed 
> below, may execute signed macros or open targets that have a trusted 
> certificate
> 
> ~/Downloads (2,3) => Downloads may open Links with a trusted certificate but 
> not allow to execute any macros
> 
> ~/onlymystuff (0,0) => this is my documents and I allow everything possible 
> here.
> 
> ~/macro_examples (3,1) => delivered example I do not want them to execute, 
> but they may be not linked by another document.
> 
> ftps://securecontent.org ( 2,2) => this links pointing to this target are 
> opened, and the downloaded file may execute macros if they are signed with a 
> trusted key.
> 
> 
> All the best
> 
> Peter
> 
> -- 
> This is the Way! http://www.apache.org/theapacheway/index.html
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to