From ec3ffe62685f9c5e944ae0924a9963fbe016a706 Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Wed, 8 Nov 2023 16:12:08 +0100 Subject: [PATCH] officecfg,desktop: add Office::Security::Net::AllowInsecureUNORemoteProtocol This disables the "com.sun.star.office.Acceptor" UNO service that handles the soffice "--accept" argument; now it can be disabled and locked in configuration by system administrator. Change-Id: I6747a128c3afa6a0cb351766365c8affc0b2614e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159151 Tested-by: Jenkins Reviewed-by: Michael Stahl --- desktop/Library_offacc.mk | 4 ++++ desktop/source/app/appinit.cxx | 4 +++- desktop/source/offacc/acceptor.cxx | 7 +++++++ .../registry/schema/org/openoffice/Office/Security.xcs | 8 +++++++- 4 files changed, 21 insertions(+), 2 deletions(-) diff --git a/desktop/Library_offacc.mk b/desktop/Library_offacc.mk index a7f560379627..fb1a162b2b90 100644 --- a/desktop/Library_offacc.mk +++ b/desktop/Library_offacc.mk @@ -11,6 +11,10 @@ $(eval $(call gb_Library_Library,offacc)) $(eval $(call gb_Library_use_sdk_api,offacc)) +$(eval $(call gb_Library_use_custom_headers,offacc,\ + officecfg/registry \ +)) + $(eval $(call gb_Library_use_libraries,offacc,\ comphelper \ cppu \ diff --git a/desktop/source/app/appinit.cxx b/desktop/source/app/appinit.cxx index 6eca704c7fb9..51b466c6b980 100644 --- a/desktop/source/app/appinit.cxx +++ b/desktop/source/app/appinit.cxx @@ -41,6 +41,8 @@ #include #include #include + +#include #include using namespace ::com::sun::star::uno; @@ -165,7 +167,7 @@ void Desktop::createAcceptor(const OUString& aAcceptString) } else { - SAL_WARN( "desktop.app", "Acceptor could not be created"); + ::std::cerr << "UNO Remote Protocol acceptor could not be created, presumably because it has been disabled in configuration." << ::std::endl; } } diff --git a/desktop/source/offacc/acceptor.cxx b/desktop/source/offacc/acceptor.cxx index b8612f668b22..9598466d9c5b 100644 --- a/desktop/source/offacc/acceptor.cxx 
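Review bot: In desktop/source/app/appinit.cxx, the new `::std::cerr` line in the else branch of Desktop::createAcceptor prints a guessed cause ("presumably because it has been disabled in configuration"), but that branch appears to run whenever no acceptor instance is obtained, whatever the reason. The branch could test the setting and print the configuration-specific text only when `officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get()` is false, with a neutral message otherwise. This assumes the officecfg header is usable from this library, which the hunk does not show. The removed `SAL_WARN( "desktop.app", "Acceptor could not be created");` could also stay next to the stderr line so the failure is still recorded under the `desktop.app` log area. createAcceptor starts and ends outside this hunk.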
+++ b/desktop/source/offacc/acceptor.cxx @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -240,6 +241,12 @@ extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface* desktop_Acceptor_get_implementation( css::uno::XComponentContext* context, css::uno::Sequence const&) { + if (!officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get()) + { + // this is not allowed to throw + SAL_WARN("desktop", "UNO Remote Protocol is disabled by configuration"); + return nullptr; + } return cppu::acquire(new desktop::Acceptor(context)); } diff --git a/officecfg/registry/schema/org/openoffice/Office/Security.xcs b/officecfg/registry/schema/org/openoffice/Office/Security.xcs index 4cb9073012f5..67bd4078585f 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Security.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Security.xcs @@ -46,7 +46,7 @@ - Specifies how secure hyperlinks are processed. + Specifies security aspects of network connections. @@ -54,6 +54,12 @@ true + + + Allow listening for unauthenticated remote code execution via soffice --accept. + + true +
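Review bot: In desktop_Acceptor_get_implementation (desktop/source/offacc/acceptor.cxx), the comment `// this is not allowed to throw` sits below an unguarded `AllowInsecureUNORemoteProtocol::get()` call in the `if` condition, so if reading the configuration can throw, the exception leaves the factory despite that comment. Reading the setting inside a try block and treating a failed read as "disabled" would keep the factory non-throwing and make the gate fail closed. Separately, the refusal is reported only through SAL_WARN, which I believe is inactive in non-debug builds, so an administrator looking for refused `--accept` attempts may see nothing from this library; worth confirming.

```cpp
    // Fail closed: an unreadable setting is treated as "disabled", so the
    // factory neither throws nor hands out an acceptor it could not authorise.
    bool bAllowed = false;
    try
    {
        bAllowed = officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get();
    }
    catch (css::uno::Exception const&)
    {
        SAL_WARN("desktop", "cannot read AllowInsecureUNORemoteProtocol, refusing acceptor");
    }
    if (!bAllowed)
    {
        // … unchanged: SAL_WARN and return nullptr …
    }
    // … unchanged: return cppu::acquire(new desktop::Acceptor(context)); …
```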