[MPlayer-cvslog] r32025 - in trunk: loader/module.c mplayer.c

Reimar Döffinger Reimar.Doeffinger at gmx.de
Fri Aug 27 22:34:26 CEST 2010

On Fri, Aug 27, 2010 at 04:38:22PM -0400, compn wrote:
> On Fri, 27 Aug 2010 18:28:53 +0200 (CEST), reimar wrote:
> >Author: reimar
> >Date: Fri Aug 27 18:28:53 2010
> >New Revision: 32025
> >
> >Log:
> >Disable loading codecs from the current directory.
> >While convenient, it is too risky.
> awwwwwww current dir makes things much easier for me to add/debug
> codecs. well i guess its not that big of a deal.

Yes, but it is also rather convenient to be able to play
files in the current directory without risking code being
executed you don't want to.
However, you can still
1) set -codec-path even at runtime to something that helps there
2) comment out that call if you're willing to take the risk
3) set PATH to include something relative to the current directory.
   Some people recommend to manually clean the path from these
   since broken installers often leave them behind and then you
   have exactly the same issue again, but this level of messing
   with OS internal is not acceptable to me.
   To anyone adding things to PATH on Windows: If you add a relative
   path (can also happen when a shell variable does not expand properly,
   so check that before you add a PATH using such) you just created
   a huge vulnerability.

For Windows part of the problem is that it is easily possible
to set the "current directory" to a WebDAV directory.
For Linux nobody is used to it and also you can set LD_LIBRARY_PATH.

More information about the MPlayer-cvslog mailing list