Hi all,

On 11/15/2017 12:07 AM, Marek Marczykowski-Górecki wrote:
> On Tue, Nov 14, 2017 at 12:37:27PM -0500, Michael Carbone wrote:
>> Hi folks,
>
>> A colleague at CIRCL recently released ODFCleaner:
>
>> https://github.com/CIRCL/ODFCleaner
>
>> Could be worth exploring integration as an additional feature similar to
>> Convert to trusted PDF.
>
> Well, this indeed could be useful. Also, running such tool in DispVM
> makes sense. But the security model here is very different than PDF
> converter. In PDF converter we have two parts:
> - complex one: rendering PDF in DispVM, returning "simple
>   representation"
> - simple one - running in calling VM, responsible for parsing
>   trivial(!) format returned data from the first part and assembling it
>   back into PDF
>
> In ODFCleaner I don't see any simple representation in between. So, if
> that code got exploited(*), the resulting file may still be hostile.
> So, running this tool in DispVM may be useful to guard file-storing VM.
> But it will not guarantee that the output file is safe.
>
> (*) which is IMO less likely for this code, than for full LibreOffice.

Just a few more things: it is far from being a complete protection: it simply does some cleanup in the XML content and removes extra parts. I'm relatively certain it's going to let some potential active code through, but it's better than nothing.

I simply ported personal code and XSLT of Jos van den Oever to Python and I need to test it against malicious documents (I haven't done that yet).

I don't think it will ever replace opening the document in a DispVM, but it could be a starting point for a sane-ish sanitizer of ODF files.

Cheers,

--
Raphaël Vinot
CIRCL - Computer Incident Response Center Luxembourg
41, Avenue de la Gare L-1611 Luxembourg
(+352) 247 88444 - [email protected] - www.circl.lu
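
The two-part model described in the quoted reply for the PDF converter, sketched as an added example (not part of the original thread and not the Qubes converter's own code): the calling VM accepts only a trivial fixed-layout pixel format and assembles the output itself, so nothing opaque from the DispVM is copied through. The header layout, the size limits and the use of PPM instead of PDF as the rebuilt output are assumptions made for illustration.

```python
import struct

# Assumed wire format (constructed for this example): width and height as
# big-endian uint32, followed by exactly width*height*4 bytes of RGBA pixels.
HEADER = struct.Struct(">II")
MAX_DIM = 10_000           # assumed per-axis limit, in pixels
MAX_PIXELS = 50_000_000    # assumed total limit, bounds memory use


class UntrustedDataError(ValueError):
    """Data returned by the disposable VM does not match the format."""


def parse_page(blob):
    """Validate one page from the untrusted side; return (w, h, rgba)."""
    if len(blob) < HEADER.size:
        raise UntrustedDataError("truncated header")
    width, height = HEADER.unpack_from(blob)
    if not (1 <= width <= MAX_DIM and 1 <= height <= MAX_DIM):
        raise UntrustedDataError("dimensions out of range")
    if width * height > MAX_PIXELS:
        raise UntrustedDataError("page too large")
    payload = blob[HEADER.size:]
    # Exact match only: no trailing bytes, no short reads.
    if len(payload) != width * height * 4:
        raise UntrustedDataError("pixel data length mismatch")
    return width, height, payload


def page_to_ppm(blob):
    """Rebuild a trusted image (binary PPM) from validated pixels only."""
    width, height, rgba = parse_page(blob)
    rgb = bytearray()
    for i in range(0, len(rgba), 4):
        rgb += rgba[i:i + 3]          # drop alpha, keep R, G, B
    # The header is written by trusted code from validated integers.
    return b"P6\n%d %d\n255\n" % (width, height) + bytes(rgb)


if __name__ == "__main__":
    # Constructed sample: a 2x1 page, one red and one green pixel.
    sample = HEADER.pack(2, 1) + bytes([255, 0, 0, 255, 0, 255, 0, 128])
    print(page_to_ppm(sample))
```

A cleaner that rewrites ODF in place has no equivalent of `parse_page`: its output is still a full ODF container that the receiving VM has to parse.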
