LibreOffice supports several features that are rarely used or have caused security problems in the past. These functional areas are:

- LibreLogo scripts
- DDE commands
- OLE objects
- Macros

It is desirable in security-sensitive environments that these individual features should be deactivatable, in each case by a new configuration option in the user interface. Additionally a configuration is to be implemented, which is displayed in the user interface that blocks all active content. This reduces the attack surface significantly.

There is already a configuration option for disabling macros, but it is not yet exposed on the UI, see: officecfg::Office::Common::Security::Scripting::DisableMacrosExecution

Something similar for the others could be added.
Created attachment 191043
Example file with DDE commands referring to another file

Created attachment 191044
Example file with macros, referenced by the odt
The odt expects this to be in the /tmp directory

Created attachment 191045
A possible place and UI layout for the new feature
Options - Security - Options could be a place for this. UI layout/logic could be similar to the "Remove personal information on saving" group.
Why not hiding those features completely? The registry is a good place to tweak the hell out of the application.

Macro Security is controlled via Tools > Options > Security - and needed here since you might receive documents with macros and the infobar tells you how to enable it.

Don't find any occurrence of OLE nor LibreLogo in the options, not sure what exactly you mean with DDE. Now I wonder if you think about "hiding" the option from the expert set (effectively to hard-code it).
(In reply to Heiko Tietze from comment #4)
> Why not hiding those features completely? The registry is a good place to
> tweak the hell out of the application.
>
> Macro Security is controlled via Tools > Options > Security - and needed
> here since you might receive documents with macros and the infobar tells you
> how to enable it.
>
> Don't find any occurrence of OLE nor LibreLogo in the options, not sure what
> exactly you mean with DDE. Now I wonder if you think about "hiding" the
> option from the expert set (effectively to hard-code it).

DDE (Dynamic Data Exchange) [1] can probably be suppressed, while OLE remains viable cross platform.

LibreLogo [2] is a toy programming environment, remains part of LO core cross platform

Agree all four types from OP pose potential "security" risks that merit ability to suppress from the UI and or via Expert configuration as Gabor suggests.

=-ref-=
[1] https://en.wikipedia.org/wiki/Dynamic_Data_Exchange
[2] https://help.libreoffice.org/24.2/en-US/text/swriter/librelogo/LibreLogo.html
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/8d3ac3968e31d8d804d72d39a9387f225d30d087 tdf#158375: add expert option to disable active content It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/75df80e34efcd2d39a49ec91654480e156bcec1f tdf#158375: further disable embedded objects It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/7bb50fd2398220c3b162e7242c1cc8d6c4c31463 tdf#158375: adapt UI when embedded content is disabled via option It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/9157d8de8d8a7a2707179f371f4e4771f41777be tdf#158375: disable DDE when DisableActiveContent is set It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/09b13f3f85b3ef6ffe4d46e2ca5170ad81045ff4 tdf#158375: adapt UI when DDE is disabled via DisableActiveContent It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/24dae717996fe976c6d86b13a8b7b60cb74ca066 tdf#158375: further disable embedded objects It will be available in 24.2.0.0.beta2.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/417f140effaea10674d280370223181cb0dc3e55 tdf#158375: adapt UI when embedded content is disabled via option It will be available in 24.2.0.0.beta2.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/e377a29bcf9bc383749edfb5a9d0c0dcbd8dfe59 tdf#158375: disable DDE when DisableActiveContent is set It will be available in 24.2.0.0.beta2.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/ec21a5935062175598d36c21d4484b777c915bff tdf#158375: adapt UI when DDE is disabled via DisableActiveContent It will be available in 24.2.0.0.beta2.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/5372538648dd865f36f53f2cee4490203385cd50 tdf#158375: add expert option DisablePythonRuntime It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/8f4ff4c601c7480479c97b274e577cf074a9a2ef tdf#158375: add expert option DisableOLEAutomation It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/a2ccc25ccb2e94f5990d6d413541dbcdd3a72338 tdf#158375: add UI option to disable active content It will be available in 24.8.0.
Stephan Bergmann committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/8a695046cfcc8f9ec835b208b0d56ca821a3ff84 tdf#158375 Hack to make sure process service factory is set It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/cb685f603e15d73fc518b8d4e896f96f21bab4ea tdf#158375: make it possible to hot disable embedded objects It will be available in 24.8.0.
Sarper Akdemir committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2873a4c12d083698de293750f582bf8181a79f6e tdf#158375: add tests for DisableActiveContent It will be available in 24.8.0.
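
An added example, not part of the bug thread or of LibreOffice's code: a small audit that reads a user profile's registrymodifications.xcu and reports whether the options discussed above are switched on. DisableMacrosExecution and its Security/Scripting group come from the opening report; DisableActiveContent is named in the commit titles and is assumed here to sit in the same group. The function names and the sample file content are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OOR = "{http://openoffice.org/2001/registry}"
# Registry form of officecfg::Office::Common::Security::Scripting
SCRIPTING = "/org.openoffice.Office.Common/Security/Scripting"
# DisableMacrosExecution is named in the report; DisableActiveContent comes from
# the commit titles and is ASSUMED to live in the same Scripting group.
OPTIONS = ("DisableMacrosExecution", "DisableActiveContent")

# Constructed sample of a user-profile registrymodifications.xcu (not real data).
SAMPLE_XCU = """<oor:items xmlns:oor="http://openoffice.org/2001/registry">
<item oor:path="/org.openoffice.Office.Common/Save/Document"><prop oor:name="AutoSave" oor:op="fuse"><value>false</value></prop></item>
<item oor:path="/org.openoffice.Office.Common/Security/Scripting"><prop oor:name="DisableMacrosExecution" oor:op="fuse"><value>true</value></prop></item>
</oor:items>"""


def audit(xcu_text, options=OPTIONS):
    """Map each option to True/False as set in the profile, or None if unset."""
    state = {name: None for name in options}
    root = ET.fromstring(xcu_text)
    for item in root.iter("item"):
        if item.get(OOR + "path") != SCRIPTING:
            continue  # a property under any other path is unrelated
        for prop in item.findall("prop"):
            name = prop.get(OOR + "name")
            text = prop.findtext("value")
            if name in state and text is not None:
                state[name] = text.strip().lower() == "true"
    return state


def not_enforced(state):
    """Options the profile does not explicitly switch on."""
    return [name for name, value in state.items() if value is not True]


if __name__ == "__main__":
    result = audit(SAMPLE_XCU)
    for name, value in result.items():
        print(f"{name}: {'unset' if value is None else value}")
    print("not enforced:", ", ".join(not_enforced(result)) or "none")
```

An option reported as unset means the user profile does not override the shipped default; values deployed by an administrator in a shared configuration layer are not stored in this file and need a separate check.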