Changeset cc1f013dc503b70fab75d059686044fb2b7a1116

Timestamp:
03/02/08 18:24:48 (6 months ago)
Author:
Rémi Denis-Courmont <rem@videolan.org>
git-committer:
Rémi Denis-Courmont <rem@videolan.org> 1204478688 +0200
git-parent:

[0d15cad14a3c1e7d18415d68dd1dffdd976ee058]

git-author:
Rémi Denis-Courmont <rem@videolan.org> 1204477712 +0200
Message:

Remove security-policy from config_ChainParse()
but NOT from var_OptionParse().

Rationale: At a shallow level, this breaks the command line use badly.
At a deeper level: We still do security enforcement in
var_OptionParse(). In practice, the config chain strings are always
coming from (part of) the value of a string configuration variable,
which is parsed by var_OptionParse(). Hence, as long as these variables
are all tagged as "unsafe", only trusted input can ever reach
config_ChainParse().

There are other (intractable?) issues with checking configuration chain
strings: First, we would also need to check the module name in front of
the {var1=val1,...} stuff. Second, some modules parse their
configuration chain manually, i.e. they don't call config_ChainParse()
and sometimes do not register their variables as configuration items
(e.g. the sout duplicate module).

If you have a super-duper idea on how to improve this, you're welcome,
but in the meantime...

Signed-off-by: Rémi Denis-Courmont <rem@videolan.org>
Vaguely-acked-by: Pierre d'Herbemont <pdherbemont@free.fr>

Files:

  • src/config/chain.c

    r15e4046 rcc1f013  
    321321                           name, psz_name ); 
    322322            } 
    323             if( !p_conf->b_safe ) 
    324             { 
    325                 int policy = config_GetInt( p_this, "security-policy" ); 
    326                 switch( policy ) 
    327                 { 
    328                     case 0: /* block */ 
    329                         msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name ); 
    330                         return; 
    331                     case 1: /* allow */ 
    332                         break; 
    333                     case 2: /* prompt */ 
    334                     { 
    335                         char description[256]; 
    336                         snprintf(description, sizeof(description), _("playlist item is making use of the following unsafe option '%s', which may be harmful if used in a malicious way, authorize it ?"), psz_name); 
    337                         if( DIALOG_OK_YES != intf_UserYesNo( p_this, _("WARNING: Unsafe Playlist"), description, _("Yes"), _("No"), NULL) ) 
    338                         { 
    339                             msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name ); 
    340                             return; 
    341                         } 
    342                     } 
    343                     default: 
    344                         ; 
    345                 } 
    346             } 
    347323        } 
    348324        /* </Check if the option is deprecated> */
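
Review bot: with the `!p_conf->b_safe` check removed here (old lines 323-346), nothing in config_ChainParse() records that it now assumes trusted input. A comment where the block was removed should say that security-policy is enforced only in var_OptionParse(), and that any string variable whose value can carry a configuration chain must stay tagged unsafe, since that is the invariant the commit message relies on. The message also names modules that parse their chain manually (e.g. the sout duplicate module); the same comment could note that they are covered only by that tagging, so a later reader does not take this function for the enforcement point.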