Restricting OpenOffice with SRP

Discussion in 'other security issues & news' started by Gullible Jones, Sep 12, 2009.

Thread Status:
Not open for further replies.
  1. I'm hardening up my system with SRP, and I'm wondering about how to do that for OpenOffice... Is it enough to create a policy for soffice.exe? Or does it have to be for soffice.bin? Or do I have to create restrictions for the Writer, Draw, Database, etc. frontends too? o_O
  2. Sully

    Sully Registered Member

    Dec 23, 2005
    Test to find out.

    In Admin:

    Default-Deny: Allow openoffice.exe unrestricted, see what happens. All its dependents should inherit the unrestricted right. The inclusion/exclusion of dll might affect this.

    Blacklist specific programs: For example you deny runas.exe and put FF to basic user. There should be no restriction on openoffice, so it should be fine.

    Blacklist specific programs: Again, you are blacklisting, and perhaps you want to demote openoffice to a Basic User instead of running as Admin. Here I will imagine is where the dll setting will play. Dlls located in the program directory can have a path rule made for a dll subdirectory or dlls themselves, which allow them. dlls located in windows should already be allowed unrestricted. Again, the inclusion/exclusion of dlls in SRP will probably have bearing. It is unknown to me whether or not SRP effects files/dlls even though they are in windows. For example, I have yet to ascertain, if you demote FF to basic user, are only the libraries that FF needs/loads the ones that are effected by SRP, or exactly what?

    If LUA:

    The same principles apply basically, although you are probably only concerned with the default-deny situation, as Users dont really need to demote to basic user lol.

Thread Status:
Not open for further replies.