[vlc-devel] vlc: svn commit r23880 (courmisch)

Damien Fouilleul damien.fouilleul at laposte.net
Thu Dec 27 13:34:28 CET 2007


Remi,

Moreover, i think we can control safe/unsafe options by using a global  
configuration setting such as --no-allow-unsafe-options (which is  
marked as unsafe itself ;), whereby unsafe options CANNOT be set  
outside of the preferences and/or command line, therefore preventing  
playlists, javascript, etc... from changing them.

tell me what you think, i can try to complete that work if you want.

Damien

On 27 Dec 2007, at 12:21, Damien Fouilleul wrote:

> remi,
>
> i'm glad you implemented that option as i think this is the best way
> to solve that security problem with options, however i think you
> should have inverted that option, basically using VLC_CONFIG_UNSAFE,
> as i believe most options are safe to use, all we need to do is mark
> the configuration options that are actually unsafe (basically all
> options dealing with files and/or URLs in general)
>
> good work
>
> damien
>
> On 26 Dec 2007, at 12:13, Subversion daemon wrote:
>
>> r23880 | courmisch | 2007-12-26 13:13:56 +0100 (Wed, 26 Dec 2007) |
>> 2 lines
>> Changed paths:
>>  M /trunk/include/vlc_configuration.h
>>  M /trunk/src/modules/entry.c
>>
>> Add "safe" config item property
>>
>>> http://trac.videolan.org/vlc/changeset/23880
>> _______________________________________________
>> vlc-devel mailing list
>> To unsubscribe or modify your subscription options:
>> http://mailman.videolan.org/listinfo/vlc-devel
>>
>
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel
>





More information about the vlc-devel mailing list