-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Nov 14, 2017 at 12:37:27PM -0500, Michael Carbone wrote: > Hi folks, > > A colleague at CIRCL recently released ODFCleaner: > > https://github.com/CIRCL/ODFCleaner > > Could be worth exploring integration as an additional feature similar to > Convert to trusted PDF.
Well, this indeed could be useful. Also, running such tool in DispVM makes sense. But the security model here is very different than PDF converter. In PDF converter we have two parts: - complex one: rendering PDF in DispVM, returning "simple representation" - simple one - running in calling VM, responsible for parsing trivial(!) format returned data from the first part and assembling it back into PDF In ODFCleaner I don't see any simple representation in between. So, if that code got exploited(*), the resulting file may still be hostile. So, running this tool in DispVM may be useful to guard file-storing VM. But it will not guarantee that the output file is safe. (*) which is IMO less likely for this code, than for full LibreOffice. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJaCBAhAAoJENuP0xzK19csVNwH/RdxcXuwAQzj8qeNW+q+APQm 61bAvYpuUo9dmzF+t3rTxfiWUGDygKDhIu7M1UJL7QTCGeHZxjrsERx8luIg6+hy ig7pm4sKHhnA/oA+EP54KudWYwJ7KGCDfs1nuZO6LEUC3NXsrFuFAc1yAQmVYkn2 XWo0E1gkBrVt8TG2Z4Dq/7ueFl0G63b00vuo4V4gA4uUV0i/5whnmGtmZqbwBvx3 yQDcCUmeNbESQXfxI79s/QlD8CKyNQCBld1dLxG/8aJCTmKXbS6Pwv+94xCtL6ht 5lGL8XhH7yb8a/6I2V7O5AyapylOEt6xUkYV8KxVUiDzsASRmdT+8bF8Mlu/CI8= =v/S/ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20171114230715.GW1061%40mail-itl. For more options, visit https://groups.google.com/d/optout.
