Bug 119507 - macro signature's should not be removed as long as macro source code has not changed
Summary: macro signature's should not be removed as long as macro source code has not ...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: BASIC (show other bugs)
Version:
(earliest affected)
Inherited From OOo
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on: 42316 129311
Blocks: Digital-Signatures Macro
  Show dependency treegraph
 
Reported: 2018-08-26 13:40 UTC by Oliver Brinzing
Modified: 2019-12-10 18:41 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
macro signed template (15.44 KB, application/vnd.oasis.opendocument.text-template)
2018-08-26 13:40 UTC, Oliver Brinzing
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Brinzing 2018-08-26 13:40:11 UTC
Created attachment 144453 [details]
macro signed template

imagine an enterprise environment, where users should work with 
templates (containing macros) and macro security level is set to "High":

steps to reproduce:

- set Macro Security to "High":
  Menu "Tools/Options.../LibreOffice/Security/[Macro Security...]"
- open attached template:
  Menu "File/Templates/Open Template ..."
- check "[x] Always trust macros from this source" and [Enable Macros]

  btw: is there an option to prevent users trusting a signed macro?
       imho it would make sence to have an option to allow only macro's
       signed with preinstalled/validated certificates.

- verify signatures: 
  document (banner below toolbar) and 
  macro (Menu "Tools/Macros/Digital Signature..."
- close template

- open a document from template:
  Menu "File/Open.../macro_signed_template.ott"
- document and macro signature's have been removed.
- but [Run Macro] will still work!
- save "Untitled 1" as "test.odt" and close
- open "test.odt"
- macros execution is disabled now

"repair" test.odt:
- copy "META-INF/macrosignatures.xml" from "macro_signed_template.ott"
  to test.odt's "META-INF" folder.
- open "test.odt"
- [Run Macro] will work again

conclusion:
macro signature's should not be removed as long as macro source code 
has not changed.

problem:
- open "test.odt"
- Menu "File/Tools/Macros/Edit Macro"
- edit macro (for example change msgbox text) *without* saving the document
- [Run Macro] will work!
- save and close
- open "test.odt"
- macro will not work

conclusion:
macro execution should be disabled as soon as macro source code has changed.
user should be warned editing signed macro code.
Comment 1 Drew Jensen 2018-08-26 17:08:13 UTC
Confirm that the behavior is as you describe. Test system Ubuntu 18.04, 
Version: 6.1.1.0.0+
Build ID: 30c178dcb3301527ad92bbd245d1525ab77e314e
Comment 2 Thorsten Behrens (CIB) 2019-06-26 10:26:29 UTC
Scope of this bug is a bit wider (applies to all documents), but the example is duplicate to bug 42316.
Comment 3 Jan-Marek Glogowski 2019-12-10 18:41:47 UTC
I stumbled over this while looking for a bug like 129311. So I'll just add some update

Finished parts:
* macro signatures should not be removed as long as macro source code has not changed => bug 42316
* prevent users to trust a signed macro with *High* macro security set and locked trusted authors list => bug 129311

This leaves:
* signed macros should be disabled as soon as the source code has been changed (and therefore invalidated the signature)
* user should be warned when editing signed macro code

This bug shows exactly why I don't like a single bug for multiple problems. Maybe someone will remember to close this bug at some point, if finally all parts are fixed, maybe not :-( More bugs will be opened eventually, if some additional part can be / is fixed.

I also removed the bug 107882 from the "see also" list. I don't see any connection between some Cyrillic StarBasic editor problems and this bug.