Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 29470 Details for
Bug 48107
media-libs/xine-lib : filesystem write vulnerability XSA-2004-1
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
xine-lib patch
xine-lib-implicit-config.patch (text/plain), 1.56 KB, created by
fbusse
on 2004-04-16 22:32:06 UTC
(
hide
)
Description:
xine-lib patch
Filename:
MIME Type:
Creator:
fbusse
Created:
2004-04-16 22:32:06 UTC
Size:
1.56 KB
patch
obsolete
>--- src/xine-engine/configfile.c 3 Mar 2004 20:09:16 -0000 1.62 >+++ src/xine-engine/configfile.c 16 Mar 2004 20:50:08 -0000 1.63 >@@ -969,6 +969,15 @@ > int handled = 0; > > lprintf ("change_opt '%s'\n", opt); >+ >+ if ((entry = config->lookup_entry(config, "misc.implicit_config")) && >+ entry->type == CONFIG_TYPE_BOOL) { >+ if (!entry->num_value) >+ /* changing config entries implicitly is denied */ >+ return -1; >+ } else >+ /* someone messed with the config entry */ >+ return -1; > > if(config && opt) { > char *key, *value; >--- src/xine-engine/xine.c 3 Mar 2004 20:09:18 -0000 1.284 >+++ src/xine-engine/xine.c 16 Mar 2004 20:50:09 -0000 1.285 >@@ -1429,6 +1429,21 @@ > _("Path for saving streams"), > _("Streams will be saved only into this directory"), > XINE_CONFIG_SECURITY, __config_save_cb, this); >+ >+ /* >+ * implicit configuration changes >+ */ >+ this->config->register_bool(this->config, >+ "misc.implicit_config", 0, >+ _("allow implicit changes to the configuration (e.g. by MRL)"), >+ _("If enabled, you allow xine to change your configuration without " >+ "explicit actions from your side. For example configuration changes " >+ "demanded by MRLs or embedded into playlist will be executed.\n" >+ "This setting is security critcal, because xine can receive MRLs or " >+ "playlists from untrusted remote sources. If you allow them to " >+ "arbitrarily change your configuration, you might end with a totally " >+ "messed up xine."), >+ XINE_CONFIG_SECURITY, NULL, this); > > /* > * keep track of all opened streams
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 48107
: 29470