[LINK] OpenOffice.org less secure than Microsoft Office?

[Glen Turner]

Karl Auer wrote:

> A firewall *in the operating system* could perhaps identify applications
> as you suggest, but this would only be useful if the operating system
> ran at a higher privilege than the applications (otherwise the
> application could simply turn off or modify the firewall).

And thus the motivation for extending SELinux to doing access
control on network connections.  Linux's IPTables can filter
by application now, but I haven't seen that used in a general
sense (eg, make sure mail clients only use the relevant protocols).

A fair part of the reason for that is probably the hubris of
applications developers -- they've been less than eager to
write SELinux rules for their applications because *their*
application has no bugs (Samba is a honourable exception here,
they have rules and strongly encourage their use).  And Red Hat
have picked up the slack of the application developers.

> Security flaws in an application like Word or OO are typically not
> something a firewall can "see" or mitigate anyway. They are in things
> like  macro capabilities. Send someone a document with a nasty macro in
> it, get them to open the document, and bang. Even then, the flaw is not
> that the macro can do nasty things - some nasty things are good and
> useful in the right context, like "delete file", or even "execute
> external script". The security flaw is generally that the access model
> is too coarse, the defaults too open, or the checks too weak. A macro
> language that allows a file to be deleted should at very least confirm
> with the user by default. Documents should not have autorun macros
> enabled by default, it should be something the user has to enable for
> each specific document. And so on.
> 
> I would really like to know what the flaws were that the French military
> found...

Probably a lot.

The "macro" programming language in OpenOffice.org is far too powerful,
intending to rival Word in its power.  And they argue strongly that
having the macro language enabled by default is the correct user
experience.  Arguments that leave the rest of the programming community
somewhat gobsmacked.  Not just because this has been such a poor
idea in Word and a world of pain for Word's users. But because the
whole point of XML-based documents is that document munging is done
by declarative transformations rather than by running "macro" programs.

At some point the desire of OpenOffice.org to be a Word clone was
going to run up against the need for a better way of doing things.
And the macro language seems to be that intersection.

There's been some reduction in the willingness of OpenOffice.org to
run macros after the concept demonstration of a macro virus.  If
the experience of Word is a guide then this is just a reorganisation
of the deckchairs.

What's missing is a simple, graphical way for a user to specify a
XML transformation and XForms.  A way that talks the user's
language rather than XMLism.  Until we get that these macro
languages are going to be difficult to kill off.