Apps :: Which "openoffice" to download for 256MB system?



Search google for these terms: openoffice security advisories. My first try:
Results 1 - 10 of about 345,000 for openoffice security advisories. (0.28 seconds)

Shortest answer to the first question: That presumes your local documents contain no shared information and no content (images, etc.) from other sources. I didn't narrow down my search to include anything affecting OOo with JRE whether remote or local...

Okay, now I have. I thought I remembered this:
http://news.cnet.com/Java-fl....13.html

Plenty more if you have time to read through all the links for OOo-specific security advisories.

Quote (setecio @ June 13 2008,05:32)
I just wondered if such a download was available to have a look at various apps.

You can also visit the website to browse the apps,

http://distro.ibiblio.org/pub/linux/distributions/damnsmall/mydsl/

Thanks humpty, that looks the best way.

lucky13, about the security side of running DSL and various apps, I thought that :

a) DSL being Linux
b) running in root
c) being behind a hardware firewall
d) being 'only' a home user as opposed to a corporate business with any 'important stuff'

that I would be pretty safe using DSL and apps such as Open Office.

Layers...

First layer, kernel. Linux is just a kernel. It has its own set of security issues, just like any other complex, complicated set of code known as an operating system. Check the changelogs and security advisories and patches (such as novmsplice).

----------------------- edit ----------------------------------
I just remembered that grsecurity recently had this note about the problem of transparency and openness in 2.6:
"Due to Linux kernel developers continuing to silently fix exploitable bugs (in particular, trivially exploitable NULL ptr dereference bugs continue to be fixed without any mention of their security implications) we continue to suggest that the 2.6 kernels be avoided if possible."
http://www.grsecurity.net/news.php
-------------------  end edit  ------------------------------------

Above that in the next layer are all the utilities that make the kernel useful. Those, too, have vulnerabilities that affect security. Just because they're used in Linux/Unix doesn't make them any safer than if they're used in any other OS (including Windows).

The next layer includes userland applications. Some of these are very complex sets of code and with that complexity they're more susceptible (exponentially?) to security breaches. For example, Firefox and Open Office are among the larger and more complex applications made available in many Linux distros. Both of these applications have long histories of security problems and often have made new security releases within days of previous releases. Both, of course, are also available for other operating systems. It's not the OS -- the first two layers of kernel and utilities -- that's responsible for these security issues. It's all the interrelated pieces of the complex puzzles such as libraries used, as well as the way those are implemented in the whole scheme of things, that's problematic. Especially today with the increased risk of cross-scripted attacks that take advantage of holes in "Software A" to do something else with "Software B" to compromise a system running on "Operating System C." These attacks often transcend OS. (edit - see below)

You're not inherently safer using Open Office or Firefox in Linux than you are in Windows or OSX. The same issues plague the same software without regard for OS. The degree of severity can vary from OS to OS, especially if run as root (don't do that!!) and thereby having full system access.

Security is a function of a lot of things and the weakest link is always the user -- not the OS. The OS can make it easier or more difficult to be secure, but the OS is NOT your security blanket. Blindly trusting an OS as a security measure is folly.

Edit 2: from my pwn2own collection:
"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he (Macaulay) said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."
http://blogs.zdnet.com/security/?p=993

I wonder if that reference to Java is the same thing my, sadly still, bank uses to snoop on it's clients.
They use a side of Java IIRC called JIS that lets you do the exact opposite of Java, execute code outside the Java sandbox.

..Which is one of the reasons I don't have Java..

Next Page...
original here.