[MPlayer-cvslog] r23409 - in trunk: cfg-mplayer.h libmenu/menu_filesel.c

Benjamin Zores ben at geexbox.org
Mon Jul 2 14:38:47 CEST 2007


On 7/2/07, Attila Kinali <attila at kinali.ch> wrote:
> On Tue, 29 May 2007 20:49:38 +0200 (CEST)
> ben <subversion at mplayerhq.hu> wrote:
>
> > Author: ben
> > Date: Tue May 29 20:49:38 2007
> > New Revision: 23409
> >
> > Log:
> > new -menu-chroot option that prevent OSD file selection menu to go to an unwanted location (yeah, chroot ;-))
> [...]
> > +    if (menu_chroot && !strcmp (dp->d_name,"..")) {
> > +      int len = strlen (menu_chroot);
> > +      if ((strlen (mpriv->dir) == len || strlen (mpriv->dir) == len + 1)
> > +          && !strncmp (mpriv->dir, menu_chroot, len))
> > +        continue;
> > +    }
>
> I think this option is missnamed. It does not do an
> actual chroot but internally limits moving up in the
> hierarchy. Thus it does not provide the same security
> and thus makes the user believe that only this
> specific subtree can be accessed, while it is very well
> possible to circumvent this protection very easily.
>
> IMHO this option should be either renamed or replaced
> by a true chroot.

Got a better name ?


-- 
"My life, and by extension everyone else's is meaningless."
Bender, Futurama



More information about the MPlayer-cvslog mailing list