incubator-ooo-dev mailing list archives

From Pedro Giffuni <...@apache.org>
Subject Re: [PROPOSAL] Keeping AOO Attack Surface Small
Date Thu, 24 Nov 2011 22:23:52 GMT

--- On Thu, 11/24/11, Rob Weir <robweir@apache.org> wrote:

> > Here are some proposal elements around the Attack Surface of Apache
> > OpenOffice and keeping it small:
> >
> >  P1. Extensions, supplements, and updates downloaded by the run-time
> > installer or product shall only be retrieved from URLs under Apache control
> > from sites operated by Apache infrastructure.  As a secondary defense,
> > authentication procedures will be used to confirm the provenance of such
> > downloads.
> >
> 
> I think you're trying to control what isn't yours.
>

Of course!! You have to control *especially* what
is not yours.

Chrome runs its plugins in a sandbox, and that
would be very cool to have in OpenOffice.

Chrome on FreeBSD uses Capsicum:
http://www.cl.cam.ac.uk/research/security/capsicum/

and I understand it was being ported to Linux too.

Pedro.

