diff options
| author | Mike Kaganski <mike.kaganski@collabora.com> | 2023-11-08 09:35:46 +0300 |
|---|---|---|
| committer | Mike Kaganski <mike.kaganski@collabora.com> | 2023-11-08 16:22:00 +0100 |
| commit | 85a8c29e26f0bf48906312103e57246685d32c7e (patch) | |
| tree | f85d585b6fd8b53d167609fe18f26e18acd8286c /sfx2 | |
| parent | 078e102b9fde39b4e5a1d32ace89a21e3ecc24bb (diff) | |
tdf#158090: Limit signed document requirement to High security level
Commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb (Improve macro checks,
2021-01-28) introduced a new requirement, that trusted macro signature
must be accompanied by valid document signature when the document has
events calling macros, otherwise macros are not allowed. But this breaks
multiple workflows, where security level is set to limit users' ability
to run unsigned macros, where documents aren't signed.
As the first step, limit the security hardening introduced in the said
commit to High security level; in Medium security level, restore the
previous behavior.
The plan is to fix more inconsistencies later, and then introduce a
new separate configuration to require document signature to allow
trusted macros (enabled by default), so that the combination of its
default value and the High default security level keep the hardened
default security implemented currently, while allowing users to opt
to the previous documented behavior.
Change-Id: I71ff0e531f3a42fbee7828982e4fd39f0e9d6ea3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159101
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Diffstat (limited to 'sfx2')
| -rw-r--r-- | sfx2/source/doc/docmacromode.cxx | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index ef9546365451..e2c1150c33ef 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -207,9 +207,9 @@ namespace sfx2 { return disallowMacroExecution(); } - else if ( m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() && - bHasTrustedMacroSignature && - !bHasValidContentSignature) + else if (nMacroExecutionMode != MacroExecMode::ALWAYS_EXECUTE + && m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading() + && bHasTrustedMacroSignature && !bHasValidContentSignature) { // When macros are signed, and the document has events which call macros, the document content needs to be signed too. m_xData->m_bHasUnsignedContentError = true; |