[Libreoffice-bugs] [Bug 140886] Allow hyperlink opening on file with execute bit set ref. CVE-2019-9847

bugzilla-daemon at bugs.documentfoundation.org
Mon Mar 15 10:30:05 UTC 2021


https://bugs.documentfoundation.org/show_bug.cgi?id=140886

--- Comment #4 from cv at eaimpianti.it ---
Further information:

See
https://github.com/LibreOffice/core/blob/10f8764ff9c3945e3e51c7d483dc7a07bdea29f9/shell/source/unix/exec/shellexec.cxx#L135
for the file in question. The marked line is where LibreOffice checks for the
executable bit. We need to throw a different error and report it to
openuriexternally.cxx, create a dialog like "Are you sure to open this file
even if it is an executable?", then, if answered yes, return to shellexec and
force it to open.

See also
https://github.com/LibreOffice/core/commit/d59ec4cd1660410fa1b18c50d2d83b1417a82ddc
for the commit that changed the behavior,
and
https://github.com/LibreOffice/core/blob/master/sfx2/source/appl/openuriexternally.cxx
for the UI calling it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
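
The flow proposed in comment #4, sketched as an added example; it is not LibreOffice code and not part of the original comment. All type and function names are hypothetical, and the confirmation dialog and the launcher are passed in as callbacks so the decision logic can be exercised on its own.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <string>

// All names below are illustrative; none are LibreOffice identifiers.
enum class Outcome { Opened, NeedsConfirmation, Declined, StatFailed };
using Launch = std::function<void(const std::string&)>;
using Confirm = std::function<bool(const std::string&)>;

// Low-level step: refuse a regular file with any execute bit set unless
// force is true, and report that case as its own outcome.
Outcome tryOpen(const std::string& path, bool force, const Launch& launch) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0)
        return Outcome::StatFailed;        // fail closed when the check cannot run
    bool executable = S_ISREG(st.st_mode)
        && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    if (executable && !force)
        return Outcome::NeedsConfirmation; // distinct from a generic failure
    launch(path);
    return Outcome::Opened;
}

// UI step: prompt only for the "executable" outcome and retry with force
// only after an explicit yes; every other outcome passes through unchanged.
Outcome openWithConfirmation(const std::string& path, const Confirm& confirm,
                             const Launch& launch) {
    Outcome r = tryOpen(path, false, launch);
    if (r != Outcome::NeedsConfirmation) return r;
    if (!confirm(path)) return Outcome::Declined;
    return tryOpen(path, true, launch);
}

int main() {
    char path[] = "/tmp/linked-fileXXXXXX";  // constructed sample target
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);
    chmod(path, 0755);                       // set the execute bit
    Confirm no = [](const std::string&) { return false; };
    Launch launch = [](const std::string& p) { std::printf("open %s\n", p.c_str()); };
    Outcome r = openWithConfirmation(path, no, launch);
    unlink(path);
    return r == Outcome::Declined ? 0 : 1;
}
```

The forced retry does not pin the file it was asked about, so a real implementation would also have to consider the target changing between the prompt and the open.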