Hi Dave,

We are talking about a whitelisting feature. And the discussion tries to 
evaluate if requirements between macro and hyperlink do differ from user 
perspective

I suggest not to mix whitlisting feature with the particular security method. 
Ideal would be if the security has only the need to ask. 
Whitelist.IsAllowed(URL, <certificate>)
 and that's it. 
It may be from an architectural standpoint that this might be even a property 
of the Url itself instead of the a security method. 

All the best
Peter


Am 7. Mai 2021 07:26:28 MESZ schrieb Dave Fisher <w...@apache.org>:
>I think it is really important to not mix macro security with hyperlink
>security. We are discussing hyperlink security.
>
>If you look into the bugzilla and the way we fixed the recently
>disclosed CVE you will find that mixing the two was how many of these
>issues have lingered for 15 years since OpenOffice.org 2.0 in roughly
>2006.
>
>Please discuss improvements with macros elsewhere.
>
>Regards,
>Dave
>
>> On May 5, 2021, at 10:44 AM, Peter Kovacs <pe...@apache.org> wrote:
>> 
>> 
>> On 05.05.21 14:37, Arrigo Marchiori wrote:
>>> Hello,
>>> 
>>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:
>>> 
>>>> The best approach I believe is to add a whitelist feature as for
>macro
>>>> files.
>>>> 
>>>> Users can add then the links they wish to approve.
>>> Do you mean file-based whitelists instead of target-based?
>>> 
>>> I will try to explain myself better: the current filter on AOO
>4.1.10
>>> is target-based, because it is the target of the link that triggers
>>> the warning. Are you suggesting to add a whitelist based on files,
>for
>>> example "allow any links in documents from this directory"?
>>> 
>>> If so, would you use the same whitelist as for macros, or would you
>>> introduce another one?
>> 
>> I do not think that it makes sense to allow
>https://my.payload.crime/AOO_diskscrambler.ods to be seen as save
>target for opening and macro execution at the same time.
>> 
>> Better is to have both separated. And the simple practicable solution
>is to just add an own list which allows targets to be listed.
>> 
>> 
>> If we would want to have a vision, where we should develop to, this
>would be mine:
>> 
>> We have One list and 2 properties. 1 property for hyperlink
>whitelisting, the other one for (macro) execution. I like our 4
>security stages.
>> 
>> Example for a customized setup on a POSIX filesystem (security level
>3 = very high and 0 = low; first value is hyperlink, second value is
>macro execution of this origin):
>> 
>> /tmp  (3,3) => Everything in the temp folder does not open links or
>execute macros
>> 
>> ~/ (2,2) => something that is within the home path, but not a folder
>listed below, may execute signed macros or open targets that have a
>trusted certificate
>> 
>> ~/Downloads (2,3) => Downloads may open Links with a trusted
>certificate but not allow to execute any macros
>> 
>> ~/onlymystuff (0,0) => this is my documents and I allow everything
>possible here.
>> 
>> ~/macro_examples (3,1) => delivered example I do not want them to
>execute, but they may be not linked by another document.
>> 
>> ftps://securecontent.org ( 2,2) => this links pointing to this target
>are opened, and the downloaded file may execute macros if they are
>signed with a trusted key.
>> 
>> 
>> All the best
>> 
>> Peter
>> 
>> -- 
>> This is the Way! http://www.apache.org/theapacheway/index.html
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>> For additional commands, e-mail: dev-h...@openoffice.apache.org
>> 
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to