2014-01-29 Sayt Bahal <sayt.bahal@gmail.com>
It turned out that LibreOffice has a security-related issue (
https://bugs.freedesktop.org/show_bug.cgi?id=51819), that makes it save
the
AutoRecovery files for password-protected documents without any protection
(encryption).
It essentially means, that with AutoRecovery enabled (which is the
default):
- after an application or system crash (eg. a power failure) anybody can
recover the document without knowing the password (the document 'loses' its
password)
- anybody who has access to the system drive (eg. through the network)
while you are editing a document can open it without knowing the password
- anybody who has physical access to your system hard drive, now or in the
future (at worst even months/years after the actual editing), has the
chance to unerase the document and open it without knowing the password
If you use password-protection a lot and are concerned about the security
of your documents, it could be advisable to switch the AutoRecovery feature
off until the bug gets fixed.
The issue applies to all LibreOffice modules (Writer, Calc, Draw, ...) and
was introduced in version 3.4.6 (March 2012).
------------------
For developers only:
It also turned out, that (a bit surprisingly) the lead developers have
other priorities than fixing such security issues, and are waiting (since
May 2013) for the community to step in.
If you have the necessary knowledge and free time to track down and
potentially to fix this issue, please do not hesitate to take a look into
it and help in maintaining the security standard that millions of users
worldwide impose on such professional products as LibreOffice.
Hmm. On a general note, one should know that a lot of applications (all?)
have a tendancy to leak information through temporary files, caching,
memory swapping... And appropriate care should be taken if you're
manipulating sensitive informations: system drive NOT available through
network, encrypted temp partition, encrypted swap (with random key), not
leaving the computer unattended while powered (even if the screen's locked,
it's a liability because full-disk encryption keys might be recoverable
from RAM), etc.
More specific to LO now: this issue, if it works as advertised (didn't
check thoroughly, but on Linux LO 4.1.4.2 the issue exists), doesn't come
from some side-effect of our moderns OS, but is directly linked with LO.
Maybe a solution would be to automatically disable temporary
backup/recovery when opening a file with a password. Unfortunately I'm not
very familiar with LO codebase, but perhaps such a solution would be easy
enough to implement to bring current developpers attention on it.
At least it's significantly easier (and safer!) than trying to remember the
document key, save the recovery data encrypted, change the recovery dialog
to handle these cases, etc. Of course one would lose the ability to use
recovery for encrypted documents, but it's not necessarily a bad thing :)
Note that if your document is really sensitive, the fact that it's
encrypted when saving doesn't mean that it's safe: if you're not cautious
about your whole system, entire parts of the file can end up on swap anyway
as you're working on it (it have to be in clear in the RAM at some
point...).
For what it's worth, one short-term solution is to have the temporary place
encrypted. For example, on some Linux systems (namely Ubuntu, don't know
for others) you can chose to encrypt your home folder, which happen to
contain the backup path used by LO. This doesn't protect you from network
access, but that's only relevant if you set open network access to your
home folder, including config files in hidden directories... Which I hope
is not that common.
--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.