Remove security-policy from config_ChainParse()

but NOT from var_OptionParse(). Rationale: At a shallow level, this breaks the command line use badly. At a deeper level: We still do security enforcement in var_OptionParse(). In practice, the config chain strings are always coming from (part of) the value of string configuration variable, which is parsed by var_OptionParse(). Hence, as long as these variables are all tagged as "unsafe", only trusted input can ever reach config_ChainParse(). There are other (intractable?) issues with checking configuration chain strings: First, we would also need to check the module name in front of the {var1=val1,...} stuff. Second, some modules parse their configuration chain manually, i.e. they don't call config_ChainParse() and sometimes do not register their variables as configuration items (e.g. the sout duplicate module). If you have a super-duper idea on how to improve this, you're welcome, but in the mean time... Signed-off-by: Rémi Denis-Courmont <rem@videolan.org> Vaguely-acked-by: Pierre d'Herbemont <pdherbemont@free.fr>

Remove security-policy from config_ChainParse()
but NOT from var_OptionParse(). Rationale: At a shallow level, this breaks the command line use badly. At a deeper level: We still do security enforcement in var_OptionParse(). In practice, the config chain strings are always coming from (part of) the value of string configuration variable, which is parsed by var_OptionParse(). Hence, as long as these variables are all tagged as "unsafe", only trusted input can ever reach config_ChainParse(). There are other (intractable?) issues with checking configuration chain strings: First, we would also need to check the module name in front of the {var1=val1,...} stuff. Second, some modules parse their configuration chain manually, i.e. they don't call config_ChainParse() and sometimes do not register their variables as configuration items (e.g. the sout duplicate module). If you have a super-duper idea on how to improve this, you're welcome, but in the mean time... Signed-off-by: Rémi Denis-Courmont <rem@videolan.org> Vaguely-acked-by: Pierre d'Herbemont <pdherbemont@free.fr>
cc1f013d · Rémi Denis-Courmont · 0d15cad1 · cc1f013d
Commit cc1f013d authored Mar 02, 2008 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 24 deletions

src/config/chain.c src/config/chain.c +0 -24

No files found.
--- a/src/config/chain.c
+++ b/src/config/chain.c
@@ -320,30 +320,6 @@ void __config_ChainParse( vlc_object_t *p_this, const char *psz_prefix,
                 msg_Warn( p_this, "Option %s is obsolete. Use %s instead.",
                           name, psz_name );
            }
-            if( !p_conf->b_safe )
-            {
-                int policy = config_GetInt( p_this, "security-policy" );
-                switch( policy )
-                {
-                    case 0: /* block */
-                        msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name );
-                        return;
-                    case 1: /* allow */
-                        break;
-                    case 2: /* prompt */
-                    {
-                        char description[256];
-                        snprintf(description, sizeof(description), _("playlist item is making use of the following unsafe option '%s', which may be harmful if used in a malicious way, authorize it ?"), psz_name);
-                        if( DIALOG_OK_YES != intf_UserYesNo( p_this, _("WARNING: Unsafe Playlist"), description, _("Yes"), _("No"), NULL) )
-                        {
-                            msg_Err( p_this, "option %s is unsafe and is blocked by security policy", psz_name );
-                            return;
-                        }
-                    }
-                    default:
-                        ;
-                }
-            }
        }
        /* </Check if the option is deprecated> */