Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index 

On 02/27/2012 11:46 AM, Noel Power wrote:

On 27/02/12 16:02, Andras Timar wrote:

Hi,

2012/2/27 Eike Rathke<erack@redhat.com>:

If this is only about no BASIC should be executed, there's the
configuration setting behind Tools->Options->Security, Macro Security.
If Security Level is set to Very High and no paths are added to Trusted
Sources, then no BASIC is executed at all (which btw I strongly
recommend as a developer loading bug documents from external sources).
So maybe hard-wiring that setting for the App-Store and not offer the
dialog would be enough?

When I set Macro Security Very High, I can still run the Euro
Converter Wizard (written in Basic).
I haven't been good at reading mail today and just saw this last message ( I promise to read back the thread later ) but regarding the Euro converter wizard isn't that written in Java ? Anyway regardless I suppose if it is running BASIC libraries then it is bypassing that Macro security stuff by calling basic directly, iirc the macro security stuff operates at the level of user interaction and the event handling framework so its still possible for core code to call BASIC directly. Anyway it just goes to prove that to be absolutely sure we should just clobber BASIC directly. I think that should be simple enough from a runtime pov, there are just a couple of entry points to do with compiling/running the BASIC code [*], making all/some of them ( at compile-time ) no-ops might be the simplest way to disable things. iirc there are quite some interdependencies between at least ( basctl, framework, xmlscript, scripting & ( others ?) that would make the more agreeable option of not building or delivering the basic module a little harder to achieve without some deeper changes ( but we could look into what is involved with that ) 

Noel

[*]
SbModule::Compile ( I would guess if we force that to fail/do-nothing will ensure no basic runs ) 
SbMethod::Call
StarBASIC::Call

SbModule::Run
StarBASIC::Call
Off hand, I would say that it would not matter that it can still run stuff distributed with it, but a creative person could perhaps modify things so that they added something that looked like it came with it.... 

--
Andrew Pitonyak
My Macro Document: http://www.pitonyak.org/AndrewMacro.odt
Info:  http://www.pitonyak.org/oo.php

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.