desktop/Library_offacc.mk                                    |    4 ++++
 desktop/source/app/appinit.cxx                               |    4 +++-
 desktop/source/offacc/acceptor.cxx                           |    7 +++++++
 officecfg/registry/schema/org/openoffice/Office/Security.xcs |    8 +++++++-
 4 files changed, 21 insertions(+), 2 deletions(-)

New commits:
commit ec3ffe62685f9c5e944ae0924a9963fbe016a706
Author:     Michael Stahl <[email protected]>
AuthorDate: Wed Nov 8 16:12:08 2023 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Thu Nov 9 17:11:00 2023 +0100

    officecfg,desktop: add Office::Security::Net::AllowInsecureUNORemoteProtocol
    
    This disables the "com.sun.star.office.Acceptor" UNO service that
    handles the soffice "--accept" argument; now it can be disabled and
    locked in configuration by system administrator.
    
    Change-Id: I6747a128c3afa6a0cb351766365c8affc0b2614e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159151
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>

diff --git a/desktop/Library_offacc.mk b/desktop/Library_offacc.mk
index a7f560379627..fb1a162b2b90 100644
--- a/desktop/Library_offacc.mk
+++ b/desktop/Library_offacc.mk
@@ -11,6 +11,10 @@ $(eval $(call gb_Library_Library,offacc))
 
 $(eval $(call gb_Library_use_sdk_api,offacc))
 
+$(eval $(call gb_Library_use_custom_headers,offacc,\
+       officecfg/registry \
+))
+
 $(eval $(call gb_Library_use_libraries,offacc,\
     comphelper \
     cppu \
diff --git a/desktop/source/app/appinit.cxx b/desktop/source/app/appinit.cxx
index 6eca704c7fb9..51b466c6b980 100644
--- a/desktop/source/app/appinit.cxx
+++ b/desktop/source/app/appinit.cxx
@@ -41,6 +41,8 @@
 #include <unotools/tempfile.hxx>
 #include <vcl/svapp.hxx>
 #include <unotools/pathoptions.hxx>
+
+#include <iostream>
 #include <map>
 
 using namespace ::com::sun::star::uno;
@@ -165,7 +167,7 @@ void Desktop::createAcceptor(const OUString& aAcceptString)
     }
     else
     {
-        SAL_WARN( "desktop.app", "Acceptor could not be created");
+        ::std::cerr << "UNO Remote Protocol acceptor could not be created, 
presumably because it has been disabled in configuration." << ::std::endl;
     }
 }
 
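Review bot: The new stderr text in the else branch of createAcceptor attributes every failure to the configuration switch, but this branch runs whenever no acceptor instance was obtained, so a missing or broken component would also be reported as "disabled in configuration". Keeping the removed `SAL_WARN( "desktop.app", "Acceptor could not be created");` next to the `::std::cerr` line would preserve the log-area record. Naming the setting in the message (`Office::Security::Net::AllowInsecureUNORemoteProtocol`) would tell an administrator what to check. stderr is presumably not visible when soffice is started without a console, so the log line matters there. The function body starts outside this hunk.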
diff --git a/desktop/source/offacc/acceptor.cxx 
b/desktop/source/offacc/acceptor.cxx
index b8612f668b22..9598466d9c5b 100644
--- a/desktop/source/offacc/acceptor.cxx
+++ b/desktop/source/offacc/acceptor.cxx
@@ -23,6 +23,7 @@
 #include <com/sun/star/bridge/BridgeFactory.hpp>
 #include <com/sun/star/connection/Acceptor.hpp>
 #include <com/sun/star/uno/XNamingService.hpp>
+#include <officecfg/Office/Security.hxx>
 #include <cppuhelper/supportsservice.hxx>
 #include <sal/log.hxx>
 #include <comphelper/diagnose_ex.hxx>
@@ -240,6 +241,12 @@ extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface*
 desktop_Acceptor_get_implementation(
     css::uno::XComponentContext* context, css::uno::Sequence<css::uno::Any> 
const&)
 {
+    if 
(!officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get())
+    {
+        // this is not allowed to throw
+        SAL_WARN("desktop", "UNO Remote Protocol is disabled by 
configuration");
+        return nullptr;
+    }
     return cppu::acquire(new desktop::Acceptor(context));
 }
 
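Review bot: The guard at the top of desktop_Acceptor_get_implementation assumes `AllowInsecureUNORemoteProtocol::get()` cannot throw, while the comment `// this is not allowed to throw` only explains the `return nullptr` path. If the configuration read can raise a UNO exception (not visible in this hunk), it would escape the `extern "C"` factory. Treating a failed read as "disabled" keeps the factory non-throwing and fails closed, as sketched below. SAL_WARN is likely compiled out of non-debug builds, so in production the refusal is probably only observable through the caller's stderr message.

```cpp
    css::uno::XComponentContext* context, css::uno::Sequence<css::uno::Any> const&)
{
    // factory must not throw: report the refusal by returning null
    bool bAllowed = false;
    try
    {
        bAllowed = officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get();
    }
    catch (css::uno::Exception const&)
    {
        SAL_WARN("desktop", "cannot read AllowInsecureUNORemoteProtocol, treating as disabled");
    }
    if (!bAllowed)
    {
        SAL_WARN("desktop", "UNO Remote Protocol is disabled by configuration");
        return nullptr;
    }
    // … unchanged: return cppu::acquire(new desktop::Acceptor(context)); …
```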
diff --git a/officecfg/registry/schema/org/openoffice/Office/Security.xcs 
b/officecfg/registry/schema/org/openoffice/Office/Security.xcs
index 4cb9073012f5..67bd4078585f 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Security.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Security.xcs
@@ -46,7 +46,7 @@
     </group>
     <group oor:name="Net">
       <info>
-        <desc>Specifies how secure hyperlinks are processed.</desc>
+        <desc>Specifies security aspects of network connections.</desc>
       </info>
       <prop oor:name="AllowInsecureProtocols" oor:type="xs:boolean" 
oor:nillable="false">
         <info>
@@ -54,6 +54,12 @@
         </info>
         <value>true</value>
       </prop>
+      <prop oor:name="AllowInsecureUNORemoteProtocol" oor:type="xs:boolean" 
oor:nillable="false">
+        <info>
+          <desc>Allow listening for unauthenticated remote code execution via 
soffice --accept.</desc>
+        </info>
+        <value>true</value>
+      </prop>
     </group>
   </component>
 </oor:component-schema>
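Review bot: The `<desc>` of AllowInsecureUNORemoteProtocol does not say which value is the safe one, nor that the shipped default `true` leaves the `--accept` listener available. The only check visible in this commit sits in the `com.sun.star.office.Acceptor` factory, so the description should state that scope rather than suggest the protocol as a whole is switched off. Suggested wording: `Allow soffice --accept to start the UNO Remote Protocol acceptor, which is unauthenticated and permits remote code execution. Set to false and lock the property to prevent this.`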
