Linonut wrote:
> * Tim Smith peremptorily fired off this memo:
>> In article <1eg5b5-dei.ln1@xxxxxxxxxx>, "[H]omer" <spam@xxxxxxx>
>> wrote:
>>> Perhaps you could also explain why Microsoft felt the need to
>>> /compete/ with an Open Standard, using another ostensibly open
>>> "standard" filled with proprietary binary blobs?
>>
>> Perhaps you could ask a question that doesn't posit things that are
>> incorrect, such as that part about proprietary binary blobs?
Why do you persist in this lie?
[quote]
Gray Knowlton brought up the issue of binary printer stuff in Open XML
which is a potential security issue according to India-79 et alii
Security hole. OOXML allows the inclusion of arbitrary binary blobs
of data in ways that could be abused my malicious document authors. For
example: Part 1, Section 15.2.14 recommends that print settings be
stored in the binary DEVMODE format used by Windows printer drivers.
However, if someone were to change this DEVMODE binary data it would be
loaded into the printer driver the next time a user tried to print.
Since a printer driver operates at a higher level of privilege than a
user, this may allow a hacker to take control of a user's machine by
crafting a specific document
What does ECMA say?
Agreed; One of the primary design goals for the Office Open XML
formats was to provide open and XML- conformant independence from
proprietary formats and features. DEVMODE structures are found in the
large corpus of existing binary documents, and DIS 29500 defines a
format for high-fidelity representation of those documents. As such, it
allows for storage of the DEVMODE structure within the package, to
preserve the content of those structures in existing binary documents.
The members of Ecma TC45 felt that failure to preserve this existing
content would be perceived as a loss of fidelity and interoperability by
persons who have found the presence of this structure useful in existing
documents.
We note that there are many types of non-XML content allowed in
common office document formats, including image and media formats. In
the case of printer settings, there does not currently exist an ISO/IEC
standard for storing this information in an XML-based format. If and
when such a format becomes available, DIS 29500 will be able to use that
format for storage of printer settings, and implementers may then choose
to convert existing DEVMODE structures to an XML-based alternative if so
desired.
In short it means ECMA finds Open XML shall remain an incomplete
specified and inconsistent format. Some elements are still (in the spec
undocumented) binary. It is hard to understand why DEVMODE structures
cannot be transformed to XML for consistency reasons. Ah!
"High-fidelity" of course which means everything but in particular that
your XML format is a projection of the binary format, also by some
referred to as a "dump" of the old legacy format. Even more fidelity is
guaranteed when you just take the binary. In wonder why the drafters of
the format started this WordprocessingML and didn't add support for the
highest fidelity of the doc format inside the open packaging zip container.
[/quote]
http://www.noooxml.org/forum/t-36122/printer-binary-and-ecma-tries-duck-and-cover
> Any format that will support even just pictures, will end up having
> "binary blobs".
>
> That's not what worries me.
It should, if those blobs are Microsoft's "Intellectual Property".
> There is only one reason why Microsoft is even bothering with OOXML:
> governments are starting to get serious about having an "open"
> document format that has less risk of rendering data inaccessible.
Let's hope they (and we) don't just end up with a Trojan horse.
--
K.
http://slated.org
.----
| 'When it comes to knowledge, "ownership" just doesn't make sense'
| ~ Cory Doctorow, The Guardian. http://tinyurl.com/22bgx8
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.23.8-63.fc8
13:55:28 up 89 days, 11:31, 4 users, load average: 0.00, 0.11, 0.19
|
|
