On 15/11/2010 08:48, Lim, Nicholas wrote: > Hi, > > I have something to add on to my previous email and do hope to get some > clarification on regards the security from you. > > In OpenOffice, there is an option under > Tools>Options>OpenOffice.org>Paths>Temporary files specify the root > directory for all the temp files generated by OpenOffice when it is > started. From my understanding, these temp files are for undo operations > and recovery process. Please correct me if I am wrong. > > Temp file generated process as identify below: > - When OpenOffice is started, a directory /tmp/sv<RANDOM>.tmp is > created, where <RANDOM> is a 3 character random string. > - Within the tmp directory, there will be few tmp files follow the same > naming convention (e.g. sv<RANDOM>.tmp) created for recovery process and > undo operation) > - Once a file is saved, a new zipped file format is created in the tmp > directory and the name of the file follows the same naming convention as > above mentioned. (e.g. /tmp/sv<RANDOM>.tmp/sv<RANDOM>.tmp) > - The entire tmp directory will be deleted upon application shutdown. > > > My questions are: > > 1. Are the temp files which are not in zipped file format encrypted?
i would not expect that. > 2. What is the main purpose of having the temp files? well... nobody knows :) seriously, temp files can be created for lots of different and unrelated purposes. one that i know of is there is some caching for graphics done in VCL: it creates temp files for images and removes them from memory to minimize memory usage. how do i know that? some months ago my OOo installation wouldn't start anymore on a certain machine. rather, none of my OOo installations would start on that machine. why? on startup VCL wants to create a temp file for some graphic. and i shared my machine with another developer who really likes to crash his OOo all the time (if OOo crashes temp files are not deleted), and he managed to produce >175000 such temp files... unfortunately the code to create the svXXX.tmp files had a bug where if all possible values for XXX exist already, it would loop infinitely trying all of them again :( now you kow why the files will be called svXXXXXX.tmp in OOo 3.4 :) > 3. I noticed that the temp file always maintain at 0 byte even though I > have entered some data into the document. Why? the answer for that would depend on what the purpose of this particular temp file is. > 4. What is the main purpose of having the temp file in zipped file > format? probably it's an ODF document, and so it's just easiest to use the same code to write the temp file as to write a real ODF file. (in principle it would be possible to write a directory tree for a temp ODF document, but AFAIK there were some bugs when doing that, don't know if they are fixed now...) > 5. Are we able to intercept the above process to ensure that the temp > file is always encrypted and decrypted upon recovery process or undo > operations? Is yes, are we able to customize it in UNO extension? Please > advise the package in SVN? So that we can look at the code at the point > where: > - temp file created when OpenOffice is started > - temp file created in zipped format once it is saved > - recovery process > - undo operation not AFAIK. and this would have to affect every component in OOo that creates temp files, either with one of the several OOo temp file functions/classes, or possibly even directly with platform-specific APIs (and what about the third-party libraries that we ship, do they create temp files?), so it would probably be a awful lot of work. IMHO your best bet is to put your temp directory on an encrypted file system, with a randomly generated (at boot time) key. a ramdisk (something like tmpfs) could be "good enough", but the temp files could then be swapped out, so it's better to encrypt the swap file/swap partition then. this ensures that when you reboot the machine the temp files cannot be read anymore. this is not to difficult to set up on linux; don't know about other platforms. and it would of course work for other applications as well, not just OOo. > 6. Any other temp files will be created in OpenOffice environment when > it is started? If yes, are they encrypted and why they are needed? "why they are needed?" would make an interesting research project that i personally have no time for :) > Hope to hear you soon and appreciate with your kind assistance. > > Thanks and Regards > Nicholas regards, michael -- "When someone says 'I want a programming language in which I need only say what I wish done,' give him a lollipop." -- Alan J. Perlis --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
