[MPlayer-dev-eng] Re: [PATCH] Runtime Option to view the configure line used
Brian Murray
brian at game-sat.com
Mon Nov 27 17:05:40 CET 2006
On 13-Nov-06, at 4:55 PM, Diego Biurrun wrote:
> On Tue, Nov 14, 2006 at 01:30:15AM +0200, Ivan Kalvachev wrote:
>> 2006/11/12, Brian Murray <brian at game-sat.com>:
>>>
>>> On 12-Nov-06, at 11:53 AM, Diego Biurrun wrote:
>>>
>>>> *Please* don't top post.
>>>>
>>>> On Sun, Nov 12, 2006 at 11:45:56AM -0700, Brian Murray wrote:
>>>>> Ok. Done. I still think a -configure-with is a good idea, but
>>>>> the -
>>>>> msglevel likely was overkill. Now it only displays with -v.
>>>>
>>>> This addresses only one part of my review, the info is not
>>>> printed by
>>>> MEncoder now. Also, it's not necessary to print the gcc version
>>>> (much
>>>> less with ugly #ifdefs), that's already part of the version string.
>>>>
>>>>> On 12-Nov-06, at 6:52 AM, Diego Biurrun wrote:
>>>>>
>>>>>> On Sat, Nov 11, 2006 at 07:52:29PM -0700, Brian Murray wrote:
>>>>>>> Ok. It responds to the -msglevel option of 'config', at level
>>>>>>> 5 and
>>>>>>> above.
>>>>>>>
>>>>>>> When bug reports are submitted, all= will catch them. Should
>>>>>>> help. :)
>>>>>>>
>>>>>>> It still responds to -configure-with. I think this is a
>>>>>>> necessity, as
>>>>>>> it makes it very simple for a user to pull out the configure
>>>>>>> line
>>>>>>> that was used, instead of digging through pages of output, or
>>>>>>> needing
>>>>>>> to learn the -msglevel syntax.
>>>>>>
>>>>>> This is overkill IMO. MPlayer (and MEncoder) should just output
>>>>>> this
>>>>>> info in verbose mode, nothing more.
>>>
>>> I added it to mencoder now, and removed the #ifdef's.
>>
>> I'd like to ask for a feature of this feature.
>>
>> When package maintainer uses -with- options and gives full path
>> names,
>> including this info in the distributed binary could lead to a
>> security
>> risk.
>> (attacker could find a way to inject file in that location that
>> eventually would end up in next version of mplayer package).
>
> This must be the most esoteric attack scenario I have ever heard
> of. If
> you have that much control over a packager's machine, trojaning
> packages
> is easy...
>
> Diego
Is there anything else that needs to be done to get this patch
committed to the head?
-Brian
More information about the MPlayer-dev-eng
mailing list