Hi Justin & Alex,
On Sun, 2015-09-27 at 00:05 +0300, Alexander Cherepanov wrote:
> On 2014-11-26 21:07, Michael Meeks wrote:
> >> At upstream level many things could also be done. From showing warning
> >> before importing exotic formats to sandboxing importers.
> >
> > If you have a creative approach to sandboxing importers, I'm interested
> > - would be a bit of development work; but of course possible - we could
> > spawn external processes [ and how to sandbox those ? ] - but basically
> > anything is possible for someone wanting to contribute.
Right =)
> This question came up on Twitter and it seems that Justin Schuh (Chrome
> browser security tech lead, at least a couple of years ago) is ready to
> assist LibreOffice with sandboxing. In case you missed it, the thread
> starts here:
>
> https://twitter.com/justinschuh/status/646409306372354048
Awesome - so, great to meet you Justin.
When you say 'assist'? =) do you mean coding? or pointing to some
docs?
Certainly - we'd love to use the Chromium sand-boxing; we ship a huge
number of document / file-types which are seldom used, or present for
legacy compatibility - and which generally produce ODF (often via SAX
style callbacks IIRC).
It would be fantastic (if it's possible) to isolate these re-using your
sandbox; we'd be very happy to point to the code-locations to hook that
in (if you're in evangelism mode), or - failing that to co-mentor a
Google Summer of Code piece to try to do that.
I CC Fridrich - the mastermind behind much of the Document Liberation
work, in case he has something to add. Fridrich - how hard would it be
to put a stream / transfer-whole-file interface between DLP filters and
the LibreOffice core ? (and/or is it a good idea ? ;-)
Alex - thanks for the introduction.
ATB,
Michael.
> ----------------------------------------------------------------------
> Justin Schuh, @justinschuh:
> Dear AV vendors, you can reach me on securi...@chromium.org for
> assistance in sandboxing your software (taviso@ approved this message)
>
> Alexander Cherepanov, @ch3root:
> @justinschuh Is it possible to extend this offer to LibreOffice? I've
> heard they have a lot of legacy code in import filters /@michael_meeks
>
> Justin Schuh, @justinschuh:
> @ch3root @michael_meeks Should be straightforward. It's mostly a matter
> of launching the converters in a separate process
>
> Justin Schuh, @justinschuh:
> @ch3root @michael_meeks Your primary format handler would need to be
> hardened independently, because sandboxing it would be much harder
>
> Justin Schuh, @justinschuh:
> @ch3root @michael_meeks But yeah, ping the list to ask, because
> sandboxing the import filters should be pretty straightforward
>
> ----------------------------------------------------------------------
> AIUI Chromium sandbox is open source and described here:
>
> https://www.chromium.org/developers/design-documents/sandbox
> https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandboxing.md
>
> And while I'm at it, Google has other cool technologies. E.g., the
> problems with traffic for updates:
>
> > force those same people to update a load of ancient
> > versions of LibreOffice out there - that (in turn) fails to provide any
> > statistically significant security advantage to the users [ and also
> > consumes some staggering bandwidth as a side-effect ;-].
>
> could be mitigated with effective patches:
>
> https://dev.chromium.org/developers/design-documents/software-updates-courgette
>
> Google has autoupdater too:
>
> https://github.com/google/omaha
> https://omaha.googlecode.com/svn/wiki/OmahaOverview.html
>
> IIUC LibreOffice is not autoupdated on MS Windows and cannot be updated
> for a machine when a user has a restricted account (unlike Chrome and
> Firefox).
--
michae...@collabora.com <><, Pseudo Engineer, itinerant idiot