Possible vulnerability in calligra
Jaroslaw Staniek
staniek at kde.org
Sat Dec 15 20:27:37 GMT 2012
On 15 December 2012 19:51, Agostino Sarubbo <ago at gentoo.org> wrote:
> As reported in the redhat bugzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=887416
>
> various office suites are affected.
>
> Please check if calligra is affected too and please CC me in your answer(s)
> because I'm unsubscribed.
Thanks for posting it here.
Not to reject that, just IMHO:
Based on my experience most users will click OK/Confirm anyway so just
asking them very often means passing the responsibility to the
clueless user. A proper and global solution could be, for example, digital
signing of the document.
We have to live with the assumption that the office files (especially
macro-enabled files) are a combination of content and executable
programs (scripted). This is a big contribution of Microsoft Office to
the world of security.
The only thing that (accidentally and so far) could protect Calligra
versus OO/LO is that Calligra's scripting facilities are very
advanced.
--
regards / pozdrawiam, Jaroslaw Staniek
Kexi & Calligra & KDE | http://calligra.org/kexi | http://kde.org
Qt Certified Specialist | http://qt-project.org
http://www.linkedin.com/in/jstaniek