Sami Rautiainen F-Secure
OpenOffice security
OpenOffice, the open office suite is available for Linux, Windows and Solaris, with the other platforms like MacOS X under development. It has reached the production version 1.0, being already the most popular office suite for Linux.
This paper discusses the security model of OpenOffice - the environment and restrictions that are provided for executable content such as macros and embedded objects. The paper also examines the features of the native macro language and the XML file format used by OpenOffice.
The OpenOffice feature set is similar to the feature set of Microsoft Office. It has word processing, spreadsheet and presentation applications all tied together within a common look and feel.
OpenOffice has a built-in macro language and a support for both JavaScript and Java applets. Looking at these features, the question arises: how secure is OpenOffice? Have OpenOffice developers taken into account the pitfalls shown by the history of the Microsoft Office or is OpenOffice the next victim of the abuse of macro viruses?