Allen Pulsifer wrote:
> A node in the OOo registry can be marked "finalized", in order to prevent
> its value from being changed by users. See
> http://util.openoffice.org/common/configuration/oor-document-format.html#Access_Control
> Question: is finalized intended to imply a security assurance that a user
> cannot actually override the value?
No. See below for more detail.
> It occurs to me that a user would likely be able to override a finalized
> value by editing the binary .dat files in $(user)\registry\cache\
Yes, that would in fact be possible, if tedious: you need to parse the
binary format, find the place(s) to change, patch those values and
whenever the cache is regenerated you have to redo this and then restart
the office. There are simpler ways to circumvent lockdown (see below).
To prevent the user from manipulating the cache, you can switch off use
of that binary cache - of course at the cost of slower application startup.
To switch off the binary cache, you can edit
$officeinstall/program/configmgrrc (configmgr.ini on Windows) and change
the CFG_CacheURL entry to be empty ['CFG_CacheURL='].
Alas, that still doesn't give you a security assurance :-o
++++++++++++++++++++++++++++++++++
The primary means to circumvent this kind of lockdown is this:
The file configmgrrc/configmgr.ini (see above) contains the 'bootstrap'
configuration for the configuration service. It describes which things
to merge, etc. This is bootstrap configuration as described in [1],[2].
That means the value from the rc/ini-file can be overridden on the
command line.
Thus a user can create a private copy of the shared configuration, edit
it freely and then use 'soffice -env:CFG_Strata=...' to start the office
on his private copy. Instead of maintaining a full private copy, the
user could also add a layer of his own that forces only selected
entries. By using 'soffice -env:BaseInstallation=...' this mechanism can
even be exploited to replace things beyond the configuration database.
++++++++++++++++++++++++++++++++++
General comment:
IMHO you generally can't do desktop application lockdown with strong
security. A purposeful, skilled and malicious user can get around those
things. Lockdown can only prevent users from doing disallowed things
without skill and criminal energy. In most contexts it should be
sufficient to accompany lockdown with policy that threatens suitable
consequences for circumventing the restrictions. But a security strategy
should assume that users can do anything their system privileges allow
within their own environment.
- Jörg
References:
[1] UNO Micro Deployment
<http://udk.openoffice.org/common/man/concept/micro_deployment.html>
[2] Uno Bootstrap Specification
<http://udk.openoffice.org/common/man/concept/default_bootstrapping.html>
--
Joerg Barfurth Sun Microsystems - Desktop - Hamburg
>>>>>>>>>>>>>>>>>> using std::disclaimer <<<<<<<<<<<<<<<<<<<<<<<
Software Engineer [EMAIL PROTECTED]
OpenOffice.org Configuration http://util.openoffice.org
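
An added example, not part of the original message and not OpenOffice.org code: a detection-side check for the two points above, flagging soffice launches whose command line carries a `-env:` override of the bootstrap variables the message names, and reporting whether an rc file sets `CFG_CacheURL` to empty. The command lines and rc text are constructed samples, the override values are placeholders, and the rc file is assumed to consist of plain KEY=VALUE lines.

```python
import os
import shlex

# Bootstrap variables named in the message above.
WATCHED = ("CFG_Strata", "BaseInstallation", "CFG_CacheURL")

# Constructed process command lines (not real logs); values are placeholders.
SAMPLE_CMDLINES = [
    "/opt/openoffice/program/soffice -writer report.odt",
    "/opt/openoffice/program/soffice -env:CFG_Strata=CONSTRUCTED_VALUE",
    "/opt/openoffice/program/soffice -env:BaseInstallation=CONSTRUCTED_VALUE -calc",
    "/usr/bin/vim -env:CFG_Strata=CONSTRUCTED_VALUE",
]

# Constructed rc content; assumes plain KEY=VALUE lines.
SAMPLE_RC = "[Bootstrap]\nCFG_CacheURL=\n"

def env_overrides(cmdline):
    """Return {name: value} for each -env:NAME=VALUE argument."""
    try:
        args = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        args = cmdline.split()
    found = {}
    for arg in args[1:]:
        if arg.startswith("-env:") and "=" in arg:
            name, value = arg[len("-env:"):].split("=", 1)
            found[name] = value
    return found

def flag_commands(cmdlines):
    """Return (cmdline, overridden watched names) for soffice launches."""
    hits = []
    for line in cmdlines:
        parts = line.split()
        if not parts or not os.path.basename(parts[0]).lower().startswith("soffice"):
            continue
        names = [n for n in WATCHED if n in env_overrides(line)]
        if names:
            hits.append((line, names))
    return hits

def cache_disabled(rc_text):
    """True if the rc/ini text sets CFG_CacheURL to an empty value."""
    for raw in rc_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key.strip() == "CFG_CacheURL":
            return value.strip() == ""
    return False

if __name__ == "__main__":
    for line, names in flag_commands(SAMPLE_CMDLINES):
        print("override of", ", ".join(names), "in:", line)
    print("binary cache disabled:", cache_disabled(SAMPLE_RC))
```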