incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Install configuration management
Date Fri, 18 Nov 2011 20:07:16 GMT
When the download and execution is *performed* by Apache OpenOffice, the vulnerability is now
ours.  That needs to be obvious too.

-----Original Message-----
From: Rob Weir [mailto:robweir@apache.org] 
Sent: Friday, November 18, 2011 11:58
To: ooo-dev@incubator.apache.org
Subject: Re: Install configuration management

On Fri, Nov 18, 2011 at 2:11 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> I think this is all very interesting.
>
> I want to point out that any situation where code is downloaded for execution under the
user's privileges while running Apache OpenOffice is an avenue for attack by injection of
malicious code and also data mining the user account.
>

I want to point out that any situation where code is downloaded for
execution under the user's privileges while *not running* Apache
OpenOffice is *also* an avenue for attack by injection of malicious
code and also data mining the user account.

This is just stating the obvious in too many words.

-Rob


Mime
View raw message