[MPlayer-dev-eng] running a program with a keystroke - passing playing filename to it

compn tempn at twmi.rr.com
Tue Dec 21 22:36:00 CET 2010

On Tue, 21 Dec 2010 14:19:19 -0700, Kevin DeKorte wrote:
>Hash: SHA1
>On 12/21/2010 12:00 PM, Elias Gabriel Amaral da Silva wrote:
>> 2010/12/21 Clément Bœsch <ubitux at gmail.com>:
>>>> [...]
>>>> diff --git a/DOCS/tech/slave.txt b/DOCS/tech/slave.txt
>>>> index e31a9f4..5bcf074 100644
>>>> --- a/DOCS/tech/slave.txt
>>>> +++ b/DOCS/tech/slave.txt
>>>> @@ -508,6 +508,11 @@ run <value>
>>>>      Run <value> as shell command. In OSD menu console mode stdout and stdin
>>>>      are through the video output driver.
>>>> +    It expands properties inside the command. Due to an unfortunate
>>>> +    syntax clash, it *looks* like those properties are shell variables,
>>>> +    but then aren't. (for example, in run "echo ${filename}",
>>>           ^^^^
>>>           they?
>> oh yes, that was a typo, thanks
>I'm a little concerned that this patch allows mplayer to execute pretty
>much any command available at the OS level. I know it is not running as
>root, but it still concerns me a bit.

you are a few years too late to voice that concern. mplayer has had the
'run' parameter since 2003 (or earlier). this patch just creates a
variable to pass the current filename to 'run'. :)

now you should wonder how many boxes have been rooted using mplayer's
run command, or why mplayer devels would add a backdoor like this.


More information about the MPlayer-dev-eng mailing list