Old/Obsolete file format import still needed?
Michael Meeks
michael.meeks at collabora.com
Tue Feb 9 09:45:30 UTC 2016
Hi Bryan,
On Tue, 2016-02-09 at 01:38 -0500, Bryan Quigley wrote:
> While working on the easyhack[1] to remove export of obsolete formats
Its prolly a good idea to close that easy-hack ;-)
> There also might be a security benefit by not having to
> consider these formats (less import code to harden).
As JanI says, cf. the ESC minutes - being the swiss-army-knife of file
formats that loads ~anything you can throw at it is quite important.
> P.S. Please copy me on replies.
Hopefully the list is configured to do that ;-)
Anyhow - I share your concern wrt. the attack surface that all these
old file filters provide for us; I attach a prototype patch that adds an
'EXOTIC' annotation to our filter descriptions. It is missing a UI
Interaction Handler piece (cf. the hole with the notes and so on in
there ;-) - we'll need a new request type I guess.
My ideal would be to pop up a dialog saying:
"You're asking LibreOffice to open a very unusual file-type.
Unless you are certain that this file is indeed a <Lotus
Word Pro> file it is safest to not open it.
[ ] - never show this again
[ this is an unusual file ] [get me out of here ]"
Of some kind =) is that something you'd be interested in working on ?
All the best,
Michael.
--
michael.meeks at collabora.com <><, Pseudo Engineer, itinerant idiot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-First-cut-at-annotating-exotic-filters.patch
Type: text/x-patch
Size: 15482 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20160209/a495af00/attachment.bin>
More information about the LibreOffice
mailing list