Commit cc1f013d authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Remove security-policy from config_ChainParse()

but NOT from var_OptionParse().

Rationale: At a shallow level, this breaks the command line use badly.
At a deeper level: We still do security enforcement in
var_OptionParse(). In practice, the config chain strings are always
coming from (part of) the value of string configuration variable,
which is parsed by var_OptionParse(). Hence, as long as these variables
are all tagged as "unsafe", only trusted input can ever reach
config_ChainParse().

There are other (intractable?) issues with checking configuration chain
strings: First, we would also need to check the module name in front of
the {var1=val1,...} stuff. Second, some modules parse their
configuration chain manually, i.e. they don't call config_ChainParse()
and sometimes do not register their variables as configuration items
(e.g. the sout duplicate module).

If you have a super-duper idea on how to improve this, you're welcome,
but in the mean time...
Signed-off-by: Rémi Denis-Courmont's avatarRémi Denis-Courmont <rem@videolan.org>
Vaguely-acked-by: Pierre's avatarPierre d'Herbemont <pdherbemont@free.fr>
parent 0d15cad1
......@@ -320,30 +320,6 @@ void __config_ChainParse( vlc_object_t *p_this, const char *psz_prefix,
msg_Warn( p_this, "Option %s is obsolete. Use %s instead.",
name, psz_name );
}
if( !p_conf->b_safe )
{
int policy = config_GetInt( p_this, "security-policy" );
switch( policy )
{
case 0: /* block */
msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name );
return;
case 1: /* allow */
break;
case 2: /* prompt */
{
char description[256];
snprintf(description, sizeof(description), _("playlist item is making use of the following unsafe option '%s', which may be harmful if used in a malicious way, authorize it ?"), psz_name);
if( DIALOG_OK_YES != intf_UserYesNo( p_this, _("WARNING: Unsafe Playlist"), description, _("Yes"), _("No"), NULL) )
{
msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name );
return;
}
}
default:
;
}
}
}
/* </Check if the option is deprecated> */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment