To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=71057 Issue #|71057 Summary|Possible exploit potential in openoffice Component|framework Version|OOo 2.0.4 Platform|All URL| OS/Version|All Status|UNCONFIRMED Status whiteboard| Keywords| Resolution| Issue type|DEFECT Priority|P3 Subcomponent|code Assigned to|tm Reported by|jcdutton
------- Additional comments from [EMAIL PROTECTED] Tue Oct 31 15:54:20 -0800 2006 ------- openoffice executable and associated dynamic lib files have executable stack segments. scanelf is a tool one can use to find which programs have an executable stack. For security reasons, and executable stack should be avoided if at all possible. scanelf -Rqe /usr/lib/openoffice/* results in a lot of openoffice having an executable stack. e.g. RWX --- --- /usr/lib/openoffice/program/soffice.bin Can openoffice developers take some care so as to avoid this. It makes exploits so much easier to do in openoffice, and making the stack only RW- would result in openoffice being a lot more secure. Some guidelines on how to correct these problems can be found here: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]