Restricting OpenOffice with SRP

Discussion in 'other security issues & news' started by Gullible Jones, Sep 12, 2009.

Thread Status:
Not open for further replies.
  1. I'm hardening up my system with SRP, and I'm wondering about how to do that for OpenOffice... Is it enough to create a policy for soffice.exe? Or does it have to be for soffice.bin? Or do I have to create restrictions for the Writer, Draw, Database, etc. frontends too? o_O
     
  2. Sully, Registered Member (Joined: Dec 23, 2005; Posts: 3,719)

    Test to find out.

    In Admin:

    Default-Deny: Allow openoffice.exe unrestricted, see what happens. All its dependents should inherit the unrestricted right. The inclusion/exclusion of dll might affect this.

    Blacklist specific programs: For example you deny runas.exe and put FF to basic user. There should be no restriction on openoffice, so it should be fine.

    Blacklist specific programs: Again, you are blacklisting, and perhaps you want to demote openoffice to a Basic User instead of running as Admin. Here I will imagine is where the dll setting will play. Dlls located in the program directory can have a path rule made for a dll subdirectory or dlls themselves, which allow them. Dlls located in Windows should already be allowed unrestricted. Again, the inclusion/exclusion of dlls in SRP will probably have bearing. It is unknown to me whether or not SRP affects files/dlls even though they are in Windows. For example, I have yet to ascertain, if you demote FF to basic user, are only the libraries that FF needs/loads the ones that are affected by SRP, or exactly what?

    If LUA:

    The same principles apply basically, although you are probably only concerned with the default-deny situation, as Users don't really need to demote to basic user lol.

    Sul.
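
An added example, not part of the thread: before testing as suggested above, it helps to see what the machine-wide SRP policy actually contains (default level, whether DLLs are checked, and which path rules mention OpenOffice). The function names and the `*OpenOffice*` match string are assumptions made for this sketch; the registry location and values are the standard SRP policy store.

```powershell
# Added example: read the machine-wide SRP policy from the registry (read-only).
$SrpBase   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$SrpLevels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
$DllModes  = @{ 0 = 'SRP not enforced'
                1 = 'All software files except libraries (DLLs)'
                2 = 'All software files including DLLs' }

function Get-SrpSummary {
    # Reports the three settings the reply above says will affect the outcome.
    if (-not (Test-Path $SrpBase)) {
        Write-Warning "No SRP policy found at $SrpBase"
        return
    }
    $cfg = Get-ItemProperty -Path $SrpBase
    [pscustomobject]@{
        DefaultLevel   = if ($null -ne $cfg.DefaultLevel) { $SrpLevels[[int]$cfg.DefaultLevel] } else { 'not set' }
        DllEnforcement = if ($null -ne $cfg.TransparentEnabled) { $DllModes[[int]$cfg.TransparentEnabled] } else { 'not set' }
        AdminsExempt   = ($cfg.PolicyScope -eq 1)   # 1 = all users except local administrators
    }
}

function Get-SrpPathRule {
    # Lists path rules at every security level whose path matches a wildcard.
    param([string]$Match = '*')
    foreach ($id in $SrpLevels.Keys) {
        $pathsKey = Join-Path $SrpBase "$id\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        Get-ChildItem -Path $pathsKey | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            if ($rule.ItemData -like $Match) {
                [pscustomobject]@{
                    Level       = $SrpLevels[$id]
                    Path        = $rule.ItemData
                    Description = $rule.Description
                }
            }
        }
    }
}

Get-SrpSummary
# '*OpenOffice*' is an assumed match string; adjust it to the real install path.
Get-SrpPathRule -Match '*OpenOffice*' | Format-Table -AutoSize
```

If no rule is listed for a binary such as soffice.bin, it falls under the default level shown by `Get-SrpSummary`, which is the case to test first.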
     