Hi Dave, We are talking about a whitelisting feature. And the discussion tries to evaluate if requirements between macro and hyperlink do differ from user perspective
I suggest not to mix whitlisting feature with the particular security method. Ideal would be if the security has only the need to ask. Whitelist.IsAllowed(URL, <certificate>) and that's it. It may be from an architectural standpoint that this might be even a property of the Url itself instead of the a security method. All the best Peter Am 7. Mai 2021 07:26:28 MESZ schrieb Dave Fisher <w...@apache.org>: >I think it is really important to not mix macro security with hyperlink >security. We are discussing hyperlink security. > >If you look into the bugzilla and the way we fixed the recently >disclosed CVE you will find that mixing the two was how many of these >issues have lingered for 15 years since OpenOffice.org 2.0 in roughly >2006. > >Please discuss improvements with macros elsewhere. > >Regards, >Dave > >> On May 5, 2021, at 10:44 AM, Peter Kovacs <pe...@apache.org> wrote: >> >> >> On 05.05.21 14:37, Arrigo Marchiori wrote: >>> Hello, >>> >>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote: >>> >>>> The best approach I believe is to add a whitelist feature as for >macro >>>> files. >>>> >>>> Users can add then the links they wish to approve. >>> Do you mean file-based whitelists instead of target-based? >>> >>> I will try to explain myself better: the current filter on AOO >4.1.10 >>> is target-based, because it is the target of the link that triggers >>> the warning. Are you suggesting to add a whitelist based on files, >for >>> example "allow any links in documents from this directory"? >>> >>> If so, would you use the same whitelist as for macros, or would you >>> introduce another one? >> >> I do not think that it makes sense to allow >https://my.payload.crime/AOO_diskscrambler.ods to be seen as save >target for opening and macro execution at the same time. >> >> Better is to have both separated. And the simple practicable solution >is to just add an own list which allows targets to be listed. >> >> >> If we would want to have a vision, where we should develop to, this >would be mine: >> >> We have One list and 2 properties. 1 property for hyperlink >whitelisting, the other one for (macro) execution. I like our 4 >security stages. >> >> Example for a customized setup on a POSIX filesystem (security level >3 = very high and 0 = low; first value is hyperlink, second value is >macro execution of this origin): >> >> /tmp (3,3) => Everything in the temp folder does not open links or >execute macros >> >> ~/ (2,2) => something that is within the home path, but not a folder >listed below, may execute signed macros or open targets that have a >trusted certificate >> >> ~/Downloads (2,3) => Downloads may open Links with a trusted >certificate but not allow to execute any macros >> >> ~/onlymystuff (0,0) => this is my documents and I allow everything >possible here. >> >> ~/macro_examples (3,1) => delivered example I do not want them to >execute, but they may be not linked by another document. >> >> ftps://securecontent.org ( 2,2) => this links pointing to this target >are opened, and the downloaded file may execute macros if they are >signed with a trusted key. >> >> >> All the best >> >> Peter >> >> -- >> This is the Way! http://www.apache.org/theapacheway/index.html >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >> For additional commands, e-mail: dev-h...@openoffice.apache.org >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >For additional commands, e-mail: dev-h...@openoffice.apache.org