1. 16 Jan, 2008 3 commits
    • Damien Fouilleul's avatar
      vlc security: As i've seen very little improvement on that front, i've decided... · 658b4f83
      Damien Fouilleul authored
      vlc security: As i've seen very little improvement on that front, i've decided to check in my take on handling the problem of managing harmful options. I'm pretty sure this is going to be very controversial, but I think my approach is quite simple and yet very effective Anyway, my approach makes the following assumptions:
      
      - most vlc options are considered safe, only a handful are particularily unsafe and need be declared as such in their definition (they mostly deal with writing to an output file or URL)
      - unsafe options are only considered potentially harmful when used as an input option, ie. the ':option' format. Configuration options are always considered safe 'i.e --option' 
      - unsafe options are associated with a global security policy, which dictates how these are handled. At the moment, The policy can be either block, allow or prompt, and is set using the '--security-policy' option (which itself is considered unsafe ;)
      
      the policy can be set by the user at the command line or in the preferences, it curently defaults to prompt, which is the desirable state for deskop use. However, it can be overriden depending on context, for example, the activex and mozilla will force the security-policy to block regardless of preference settins.
      
      the code is a bit rough at the moment, but i will optimize/clean it up if the dev community this approach is worth keeping.
      
      try the following example, and you'll see quickly what i mean:
      
      ./vlc -vvv <a mrl> :sout=#transcode{vcodec=mp1v,vb=1024,acodec=mpga,ab=192}:standard{mux=ts,dst=vlc-output.ts,access=file}"
      
      Enjoy,
         Damien
      
      
      658b4f83
    • Rémi Denis-Courmont's avatar
    • Rafaël Carré's avatar
      input options whitelisting: 1st step · 9e5ebb07
      Rafaël Carré authored
      9e5ebb07
  2. 26 Dec, 2007 1 commit
  3. 21 Dec, 2007 1 commit
  4. 17 Dec, 2007 4 commits
  5. 16 Dec, 2007 5 commits
  6. 15 Dec, 2007 3 commits
  7. 12 Dec, 2007 1 commit
  8. 14 Nov, 2007 1 commit
  9. 22 Oct, 2007 2 commits
  10. 19 Aug, 2007 2 commits
  11. 16 Aug, 2007 1 commit
  12. 04 Aug, 2007 1 commit
  13. 20 May, 2007 1 commit
  14. 15 Apr, 2007 1 commit
  15. 07 Apr, 2007 1 commit
  16. 28 Mar, 2007 1 commit
  17. 27 Mar, 2007 1 commit
  18. 03 Dec, 2006 1 commit
    • Clément Stenac's avatar
      A bit of vlc/libvlc cleanup: · fbf4c806
      Clément Stenac authored
      * libvlc sources and plugins now define __LIBVLC__ and headers exported to
        plugins (ie, include/vlc_*.h) check for this
      * libvlc sources use the value of the "libvlc" component in vlc-config instead
        of vlc
      * Apply flags directly to "libvlc" in configure.ac - might temporarily break win32 :)
      fbf4c806
  19. 26 Nov, 2006 2 commits
    • Clément Stenac's avatar
      Did I loose the count ? · a29a4e2e
      Clément Stenac authored
      a29a4e2e
    • Clément Stenac's avatar
      A bit of headers cleanup · d3fe7f28
      Clément Stenac authored
      * Headers in include must contain the structures and prototypes needed
        by the plugins and should be named vlc_*.
      * Headers in include/vlc must contain the structures and prototypes
        needed by external libvlc clients
      
      * Moved and renamed some things in headers. 
         - Removed vlc_cpu.h, vlc_error.h (merged in vlc_common)
         - Removed snapshot.h (merged in vlc_vout.h)
         - Removed vlc_spu.h (merged in vlc_osd.h)
         - Removed intf_eject.h and vlc_interaction.h (merged in vlc_interface)
         - Moved all internal headers to src
         - Merged vlc_video.h and video_output.h and move private things to src
         - Removed vlc/intf.h, vlc/aout.h, vlc/vout.h, vlc/decoder.h and vlc/input.h
           (meta headers for use in modules, and often implying too large 
           dependencies)
      * Removed some useless dependencies
      * Unexported a bunch of functions and structures used only in src/
        (--> Still some work here)
      * Finally made input_thread_t and input_source_t (mostly) private. 
        Added input_GetItem to fetch the input_item of an input_thread
      * Cleaned up deprecated entries in vlc_symbols.h and bumped up symbol 
        prefix
      
      This commit has a 99% probability of breaking the build, 0.1% of killing
      your cat and 0% of getting you hot chicks.
      d3fe7f28
  20. 22 Nov, 2006 2 commits
  21. 21 Nov, 2006 1 commit
  22. 20 Nov, 2006 1 commit
  23. 12 Nov, 2006 1 commit
  24. 08 Nov, 2006 1 commit
  25. 22 Oct, 2006 1 commit