https://bugs.documentfoundation.org/show_bug.cgi?id=158090
Bug ID: 158090
Summary: No way to run signed macros from unsigned document in Medium security level
Product: LibreOffice
Version: 7.2.0.4 release
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: bisected, regression
Severity: normal
Priority: medium
Component: BASIC
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Created attachment 190684
--> https://bugs.documentfoundation.org/attachment.cgi?id=190684&action=edit
Unsigned document with signed macros
Since commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
2021-01-28) it is impossible to run signed macros inside unsigned document in
Medium security level.
0. Use Medium macro security level
1. Use attachment 144453 from bug 119507, which is a template with signed
macros, to create a new document (allow macros);
2. See that it is possible to run the macro by clicking the button;
3. Save the document, and reload (allow macros!);
=> See that there's a "Macros are signed, but the document (containing document
events) is not signed." infobar. Clicking the button does not run the macro;
manually launching the macro from IDE gives "For security reasons, you cannot
run this macro." error box.
It does not make sense to disallow signed macros in a situation when unsigned
macros were allowed - given everything else equal. The information about the
fact that the document is unsigned could be provided as an additional data
point in the initial warning dialog, where the user made their choice; but as
soon as they decided to allow macros, they must not be blocked.
The attachment is a document created using steps 1-3.
Note also that this change seems to contradict the underlying principles
that show e.g. in help [1] about Medium security level:
> Confirmation required before executing macros from unknown sources.
>
> Trusted sources can be set on the Trusted Sources tab page. Signed macros from
> a trusted source are allowed to run. In addition, any macro from a trusted
> file location is allowed to run. All other macros require your confirmation.
The ability to separately sign macros is there to allow users to see that the
code that is running comes from a trusted source. Indeed, the document may be
modified to change the behavior; but that's always the case when you have
documents with macros - if you don't know their source, you have a risk; and it
is no greater when the macros are signed.
[1] https://help.libreoffice.org/24.2/en-US/text/shared/optionen/macrosecurity_sl.html
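Added example, not part of the bug report or of LibreOffice's code: a triage script that flags ODF packages in the state described above (macros signed, document unsigned) by checking which signature streams the package carries. It assumes the usual package layout (`META-INF/macrosignatures.xml`, `META-INF/documentsignatures.xml`, macro code under `Basic/` or `Scripts/`); `build_sample` creates a constructed stand-in package with placeholder contents.

```python
import io
import zipfile

# Package paths assumed for ODF signatures and embedded macro code.
DOC_SIG = "META-INF/documentsignatures.xml"
MACRO_SIG = "META-INF/macrosignatures.xml"
MACRO_PREFIXES = ("Basic/", "Scripts/")


def signature_state(data: bytes) -> dict:
    """Report which signature streams and macro storages an ODF package has.

    Presence only: this does not validate the XML-DSig content or the
    certificate chain, which is what the application's trust decision uses.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP-based ODF package")
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
    macros = sorted(n for n in names
                    if n.startswith(MACRO_PREFIXES) and not n.endswith("/"))
    state = {
        "has_macros": bool(macros),
        "macro_streams": macros,
        "macros_signed": MACRO_SIG in names,
        "document_signed": DOC_SIG in names,
    }
    # The combination from the report: signed macros inside an unsigned document.
    state["report_case"] = (state["has_macros"] and state["macros_signed"]
                            and not state["document_signed"])
    return state


def build_sample(macro_sig: bool, doc_sig: bool) -> bytes:
    """Constructed stand-in package (placeholder contents, not a real signature)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        pkg.writestr("content.xml", "<office:document-content/>")
        pkg.writestr("Basic/Standard/Module1.xml", "<script:module/>")
        if macro_sig:
            pkg.writestr(MACRO_SIG, "<document-signatures/>")
        if doc_sig:
            pkg.writestr(DOC_SIG, "<document-signatures/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(signature_state(build_sample(macro_sig=True, doc_sig=False)))
```

A `True` value for `report_case` only means the streams are present; whether the macro signature verifies and chains to a trusted source still has to be checked in the application.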