Hello Carl, All, On Sun, Jun 06, 2021 at 11:50:12AM -0400, Carl Marcum wrote:
> Hi Arrigo and All, > > On 6/5/21 5:53 PM, Arrigo Marchiori wrote: > > Hello Carl, All, > > > > On Sat, Jun 05, 2021 at 03:47:12PM -0400, Carl Marcum wrote: > > > > > Hi Arrigo, > > > > > > On 6/5/21 9:50 AM, Arrigo Marchiori wrote: > > > > Dear Matthias, Czesław, All, > > > > > > > > On Sat, Jun 05, 2021 at 12:39:16PM +0200, Matthias Seidel wrote: > > > > > > > > > Hi Czesław, > > > > > > > > > > Am 05.06.21 um 12:35 schrieb Czesław Wolański: > > > > > > Hi Matthias, all > > > > > > > > > > > > A preliminary check in Calc (Windows 7, 64-bit) > > > > > > > > > > > > (1) in-document links beginning with # > > > > > > test: button with link to other sheet > > > > > > result: OK (no security warning) > > > > > > > > > > > > (2) .uno:XXX links > > > > > > result: security warning > > > > > > > > > > > > (3) Links to local files > > > > > > test: the "Hyperlink" dialog, button "WWW Browser" > > > > > > result: OK (no security warning) > > > > > That's what I expected, since the patches are for file:// > > > > > > > > > > .uno: hasn't been addressed yet > > > > > > > > > > @Arrigo: correct me if I am wrong ;-) > > > > You should have just become wrong ;-) > > > > > > > > I found out that there are many checks on the URL protocol. I suggest > > > > that the warning was not checked at the right moment, but too soon. > > > > > > > > Because we had a report of unexpected _execution_ of malicious links, > > > > I suggest we leave the safety check on hyperlinks _just before calling > > > > the OS to execute them_. > > > > > > > > The result is that HTTP, HTTPS, but also "uno:" and all other > > > > protocols already understood by AOO are not checked, and no warnings > > > > will appear. We could argue that their safety must be assured by the > > > > code handling them, as we accepted to delegate the browser for > > > > Internet links. > > > > > > > > The latest commit, just pushed to branch bug128453, moves the check > > > > for "safe extensions" (or directory) from the beginning of hyperlinks' > > > > processing, to just before the execution of the link target by the OS. > > > > The protocol is not checked any more, because supported protocols > > > > are already filtered out and processed at that point. > > > > > > > > This should make all links to non-files work again, and still warn > > > > users when they are going to open JAR's, EXE's and other unknown > > > > types. > > > > > > > > What do you think about this? > > > I like your thinking on this. > > > I'll build this branch on Linux and test using some of the test documents > > > and ones I've made to make sure I understand the different cases. > > > Then I'll report back. > > You can find my 64 bit Linux builds here: > > https://home.apache.org/~ardovm/openoffice/bug128453/ > > > > I tried the "beta" option of the build script... I hope it works. > > > > Thank you for your cooperation! > > > > Best regards, > > I've built the bug128453 branch [1] on Linux CentOS 7 and ran the test suite > that included the hyperlink tests for the dialogs [2]. > > I put together some test documents here [3]. Very nice, thank you! [...] > So far everything looks good and I get the warning everywhere I expect to > with one exception. > The smb://nonexistant.url.com link does not display the warning and I get > this output: > --- > This tool has been deprecated, use 'gio open' instead. > See 'gio help open' for more info. > > gio: smb://nonexistant.url.com/: The specified location is not mounted > --- > Note that I build on CentOS 7 and use --enable-gio and --disable-gnome-vfs > in configure. > > Maybe there is a reason the SMB protocol is treated differently than the > others when there is only the host section of the url? > > I'm not saying this is bad but just different. We can discuss... Sure. The smb:// protocol is treated like file://. A proof of this is that the link to "smb://nonexistant.url.com/evil.jar" shows a warning dialog because the ".jar" extension is not considered safe. For the same reason, f you create a link to "smb://nonexistant.url.com/whatever.ods" it will be opened without warnings. The link you are discussing points to "smb://nonexistant.url.com/". The target ends with a backslash, therefore it is considered a directory, and thus safe. This is the current logic. It may be worth discussing whether we want to consider links to directories safe or not. The warning messages you reported about gio are worth another discussion: we may need to update the way we "talk to" the OS under GNOME. But as long as it works on current distributions, I would refrain from changing it. I hope that the above makes sense. Best regards, -- Arrigo --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
