Remove the short-lived security-policy parameter.

In by far the overwhelming majority of cases, the user would not know how to determine the correct answer to the security prompt (did you ever compare SSL error handling in IE6 and IE7?). Since the trust value is now determined programatically, this would seem to mostly help users shoot themselves in the foot. --security-policy is also broken when using --playlist-enqueue: imagine you are running VLC with no security, and then your browser enqueues an M3U from some nasty webserver... fireworks. Wrappers around VLC really should NOT use M3U files if they need to tweak certain options (e.g. --sout). Global options can simply be set the normal way from the command line (e.g.: vlc --sout '#std{...}'). Per-item options can be set using the colon notation. Multiple items should be expanded on the command line in the right order, rather than written to a M3U file. Alternative, IPC interfaces could be used (single instance + playlist enqueue, RC interface, DBus interface...) or language bindings. *** Important note *** Web browser plugins are still in need of fixing. I suppose libvlc-control should be extented to support playlist item trust. Feel free to revert and do something else if you have a _better_ idea.

Remove the short-lived security-policy parameter.
In by far the overwhelming majority of cases, the user would not know how to determine the correct answer to the security prompt (did you ever compare SSL error handling in IE6 and IE7?). Since the trust value is now determined programatically, this would seem to mostly help users shoot themselves in the foot. --security-policy is also broken when using --playlist-enqueue: imagine you are running VLC with no security, and then your browser enqueues an M3U from some nasty webserver... fireworks. Wrappers around VLC really should NOT use M3U files if they need to tweak certain options (e.g. --sout). Global options can simply be set the normal way from the command line (e.g.: vlc --sout '#std{...}'). Per-item options can be set using the colon notation. Multiple items should be expanded on the command line in the right order, rather than written to a M3U file. Alternative, IPC interfaces could be used (single instance + playlist enqueue, RC interface, DBus interface...) or language bindings. *** Important note *** Web browser plugins are still in need of fixing. I suppose libvlc-control should be extented to support playlist item trust. Feel free to revert and do something else if you have a _better_ idea.
6ee1e74f · Rémi Denis-Courmont · 794a6935 · 6ee1e74f · 6ee1e74f
Commit 6ee1e74f authored Mar 18, 2008 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 36 deletions

src/libvlc-module.c src/libvlc-module.c +0 -15

src/misc/variables.c src/misc/variables.c +3 -21

No files found.
--- a/src/libvlc-module.c
+++ b/src/libvlc-module.c
@@ -977,14 +977,6 @@ static const char *ppsz_clock_descriptions[] =
 #define MINIMIZE_THREADS_LONGTEXT N_( \
     "This option minimizes the number of threads needed to run VLC.")

-#define SECURITY_POLICY_TEXT N_("Policy for handling unsafe options.")
-#define SECURITY_POLICY_LONGTEXT N_( \
-     "This option dictates the default policy when processing options " \
-     "which may be harmful when used in a malicious way.")
-
-static int pi_secpolicy_values[] = { 0, 1, 2 };
-static const char *ppsz_secpolicy_descriptions[] = { N_("Block"), N_("Allow"), N_("Prompt") };
-
 #define PLUGIN_PATH_TEXT N_("Modules search path")
 #define PLUGIN_PATH_LONGTEXT N_( \
    "Additional path for VLC to look for its modules.")
@@ -1809,13 +1801,6 @@ vlc_module_begin();
              MINIMIZE_THREADS_LONGTEXT, VLC_TRUE );
        change_need_restart();

-    set_section( N_("Security options"), NULL );
-    add_integer( "security-policy", 2, NULL, SECURITY_POLICY_TEXT,
-              SECURITY_POLICY_LONGTEXT, VLC_TRUE );
-        change_integer_list( pi_secpolicy_values, ppsz_secpolicy_descriptions, 0 );
-        change_unsafe();
-        change_need_restart();
-
 #if !defined(__APPLE__) && !defined(SYS_BEOS) && defined(LIBVLC_USE_PTHREAD)
    add_bool( "rt-priority", VLC_FALSE, NULL, RT_PRIORITY_TEXT,
              RT_PRIORITY_LONGTEXT, VLC_TRUE );

--- a/src/misc/variables.c
+++ b/src/misc/variables.c
@@ -1098,27 +1098,9 @@ void var_OptionParse( vlc_object_t *p_obj, const char *psz_option,
        module_config_t *p_config = config_FindConfig( p_obj, psz_name );
        if( !p_config->b_safe )
        {
-            int policy = config_GetInt( p_obj, "security-policy" );
-            switch( policy )
-            {
-                case 0: /* block */
-                    msg_Err( p_obj, "option %s is unsafe and is blocked by security policy", psz_name );
-                    return;
-                case 1: /* allow */
-                    break;
-                case 2: /* prompt */
-                {
-                    char description[256];
-                    snprintf(description, sizeof(description), _("playlist item is making use of the following unsafe option '%s', which may be harmful if used in a malicious way, authorize it ?"), psz_name);
-                    if( DIALOG_OK_YES != intf_UserYesNo( p_obj, _("WARNING: Unsafe Playlist"), description, _("Yes"), _("No"), NULL) )
-                    {
-                        msg_Err( p_obj, "option %s is unsafe and is blocked by security policy", psz_name );
-                        goto cleanup;
-                    }
-                }
-                default:
-                    ;
-            }
+            msg_Err( p_obj, "unsafe option \"%s\" has been ignored for "
+                            "security reasons", psz_name );
+            return;
        }
    }