[vlc-devel] vlc: svn commit r23880 (courmisch)

Rémi Denis-Courmont rem at videolan.org
Thu Dec 27 17:47:14 CET 2007


Le jeudi 27 décembre 2007, Damien Fouilleul a écrit :
> i'm glad you implemented that option as i think this is the best way
> to solve that security problem with options, however i think you
> should have inverted that option, basically using VLC_CONFIG_UNSAFE,

And who's going to validate every single of the hundreds of options that 
we have? And worst yet, the explosive possibilites when combining 
options.

> as i believe most options are safe to use, all we need to do is mark
> the configuration options that are actually unsafe (basically all
> options dealing with files and/or URLs in general)

That's pretty much impossible. The demux option is clearly harmful as 
well, yet it does not deal with URL.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071227/cdce6e47/attachment.sig>


More information about the vlc-devel mailing list