[MPlayer-cvslog] r23409 - in trunk: cfg-mplayer.h libmenu/menu_filesel.c

Attila Kinali attila at kinali.ch
Mon Jul 2 13:41:34 CEST 2007


On Tue, 29 May 2007 20:49:38 +0200 (CEST)
ben <subversion at mplayerhq.hu> wrote:

> Author: ben
> Date: Tue May 29 20:49:38 2007
> New Revision: 23409
> 
> Log:
> new -menu-chroot option that prevents the OSD file selection menu from going to an unwanted location (yeah, chroot ;-))
[...] 
> +    if (menu_chroot && !strcmp (dp->d_name,"..")) {
> +      int len = strlen (menu_chroot);
> +      if ((strlen (mpriv->dir) == len || strlen (mpriv->dir) == len + 1)
> +          && !strncmp (mpriv->dir, menu_chroot, len))
> +        continue;
> +    }
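
Review bot: the condition on `mpriv->dir` is a purely textual comparison that only skips the `..` entry while the current directory string equals `menu_chroot` (or is one character longer), so it filters one directory entry rather than checking which path is finally entered. The `len + 1` case never verifies that the extra character is `/`, so a sibling directory whose name merely begins with the `menu_chroot` string matches as well. Suggest canonicalizing the directory about to be entered (for example with realpath()) and checking that it is `menu_chroot` itself or lies below it at a `/` boundary, at the point where the directory is changed. Also declare `len` as `size_t`, since it is compared against the result of `strlen()`.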

I think this option is misnamed. It does not do an
actual chroot but internally limits moving up in the
hierarchy. Thus it does not provide the same security
and thus makes the user believe that only this
specific subtree can be accessed, while it is very well
possible to circumvent this protection very easily.

IMHO this option should be either renamed or replaced
by a true chroot.

			Attila Kinali

-- 
Praised are the Fountains of Shelieth, the silver harp of the waters,
But blest in my name forever this stream that stanched my thirst!
                         -- Deed of Morred


