[vlc-devel] Patch for ticket 1371 (security policy)
Damien Fouilleul
damien.fouilleul at laposte.net
Sun Feb 10 22:35:17 CET 2008
>
> How do you imagine the priority of --default-security-policy over
> the 2
> other lists ? What if I want to use a m3u file which uses only
> dangerous
> options, but I trust this file sine I wrote it ?
all modules listed in the trusted list overrides the default security,
therefore if have 'main' listed in trusted list, all options defined
at the CLI will be allowed regardless of what is defined in default-
security-policy.
think i was a bit hasty with the untrusted list, I don't think we
need it and it hads unnecessary complexity.
Therefore to come back to your example, if you use VLC in the
following manner:
vlc --default-security-policy=2 --trusted-security-list="main, rc,
telnet" myplaylist.m3u
the creator of the options defined in myplaylist.m3u would be the
'm3u' module, and since it is not defined in the trusted list , the
default security would apply.
However, if you really trust the content of your playlist, then
nothing stops you from launching VLC that way
vlc --default-security-policy=1 myplaylist.m3u
or that way
vlc --default-security-policy=2 --trusted-security-list="main, rc,
telnet, m3u" myplaylist.m3u
in which cases all unsafe options would be allowed.
since VLC allows configuring defaults for configuration options in the
preferences, the user can set the security level the way s/he wishes,
it's all about context; we provide reasonable defaults, and the user
has control afterward, although we can hard-code security policies in
web plugins and possibly in desktop/shell shortcuts so that a user
doesn't should him/herself in the foot.
Damien
On 9 Feb 2008, at 18:12, Rafaël Carré wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Damien Fouilleul a écrit :
>> that patch sounds interesting but i think we can do better than that
>> by replacing b_explicit with the name of the object creating that
>> option, i.e CLI would be "main". That way we can specialize the
>> security policy on a per creator basis.
>>
>> as before, the default policy would be to prompt, but and you could
>> create a list of trusted creators whose policy is to allow unsafe
>> options (CLI, rc, telnet, etc...), and similarly you could create an
>> untrusted list of creators whose policy is to block unsafe options,
>> etc... all controllable through the CLI, i.e
>>
>> --default-security-policy=prompt
>> --trusted-security-list="main, rc, telnet"
>> --untrusted-security-list="asx, m3u"
>
> Nice idea, but I have a question:
>
> How do you imagine the priority of --default-security-policy over
> the 2
> other lists ? What if I want to use a m3u file which uses only
> dangerous
> options, but I trust this file sine I wrote it ?
>
>> etc...
>>
>> Damien
>
>
> - --
> Rafaël Carré
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAket7PEACgkQYWCeGMCv8Q9T6wCgvFwxCI0cYLXV0L0KF30UinRY
> eHUAoLeULw8fOLT3Tjg8ovw6akZWSw1m
> =pAGd
> -----END PGP SIGNATURE-----
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel
>
_______________________________________________
vlc-devel mailing list
To unsubscribe or modify your subscription options:
http://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list