[vlc-devel] [RFC] Option whitelisting policy

Rémi Denis-Courmont rdenis at simphalempin.com
Mon Sep 22 15:27:49 CEST 2008

On Mon, 22 Sep 2008 14:47:20 +0200, Antoine Cellerier
<dionoea at videolan.org> wrote:
> In my opinion, options which can output data on the network or on the
> local filesystem, can change plugin loading paths, change the
> configuration path shouldn't be whitelisted.

Yeah, this pretty much eliminates the whole sout (streams, packetizers,
muxers, access outputs). This also eliminates all network "behavioral"
settings (timeout, reconnects, multicast interface). Also, most things that
can bypass/override stream "routing" are unsafe. I don't want the web page
to decide which sound card or which X11 screen to use. Especially if the
sound card is a virtual device that writes to disk. Selecting
access-filters or demux is also forbidden due to filesystem interaction.

I suspect that this actually disqualifies almost all the options that
people would actually want to (ab)use. Video filters are one potentially
useful stuff, I guess. Some demux options, such as TS PIDs may also be good
candidate. Then there are a bunch of access options such as DVB
frequencies, but I feel these should be part of the MRL in the first place,
not some separate options.

Rémi Denis-Courmont

More information about the vlc-devel mailing list