git.sesse.net Git - vlc/commit

author	Rémi Denis-Courmont <rem@videolan.org>
	Sun, 2 Mar 2008 17:08:32 +0000 (19:08 +0200)
committer	Rémi Denis-Courmont <rem@videolan.org>
	Sun, 2 Mar 2008 17:24:48 +0000 (19:24 +0200)
commit	cc1f013dc503b70fab75d059686044fb2b7a1116
tree	2af65e17ce62dcb3f623cfaa9983aa2247163a6d	tree \| snapshot
parent	0d15cad14a3c1e7d18415d68dd1dffdd976ee058	commit \| diff

Remove security-policy from config_ChainParse()
but NOT from var_OptionParse().

Rationale: At a shallow level, this breaks the command line use badly.
At a deeper level: We still do security enforcement in
var_OptionParse(). In practice, the config chain strings are always
coming from (part of) the value of string configuration variable,
which is parsed by var_OptionParse(). Hence, as long as these variables
are all tagged as "unsafe", only trusted input can ever reach
config_ChainParse().

There are other (intractable?) issues with checking configuration chain
strings: First, we would also need to check the module name in front of
the {var1=val1,...} stuff. Second, some modules parse their
configuration chain manually, i.e. they don't call config_ChainParse()
and sometimes do not register their variables as configuration items
(e.g. the sout duplicate module).

If you have a super-duper idea on how to improve this, you're welcome,
but in the mean time...

Signed-off-by: Rémi Denis-Courmont <rem@videolan.org>
Vaguely-acked-by: Pierre d'Herbemont <pdherbemont@free.fr>