1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-23 07:12:39 +00:00

manpage: document improved --playlist security

Recent versions of mpv have applied security checks to --playlist
that previously only existed if playlist files were played as an
input directly. This commit documents this change and how to work
around it, in the event that playlist files are trusted.
This commit is contained in:
Leo Izen 2020-11-15 22:06:59 -05:00
parent 24d6961833
commit 9b5672ebed
2 changed files with 29 additions and 20 deletions

View File

@ -236,27 +236,40 @@ Playback Control
The value ``no`` is a deprecated alias for ``auto``.
``--playlist=<filename>``
Play files according to a playlist file (Supports some common formats. If
Play files according to a playlist file. Supports some common formats. If
no format is detected, it will be treated as list of files, separated by
newline characters. Note that XML playlist formats are not supported.)
newline characters. You may need this option to load plaintext files as
a playlist. Note that XML playlist formats are not supported.
You can play playlists directly and without this option, however, this
option disables any security mechanisms that might be in place. You may
also need this option to load plaintext files as playlist.
This option forces ``--demuxer=playlist`` to interpret the playlist file.
Some playlist formats, notably CUE and optical disc formats, need to use
different demuxers and will not work with this option. They still can be
played directly, without using this option.
You can play playlists directly, without this option. Before mpv version
0.31.0, this option disabled any security mechanisms that might be in
place, but since 0.31.0 it uses the same security mechanisms as playing a
playlist file directly. If you trust the playlist file, you can disable
any security checks with ``--load-unsafe-playlists``. Because playlists
can load other playlist entries, consider applying this option only to the
playlist itself and not its entries, using something along these lines:
``mpv --{ --playlist=filename --load-unsafe-playlists --}``
.. warning::
The way mpv uses playlist files via ``--playlist`` is not safe against
maliciously constructed files. Such files may trigger harmful actions.
This has been the case for all mpv and MPlayer versions, but
unfortunately this fact was not well documented earlier, and some people
have even misguidedly recommended use of ``--playlist`` with untrusted
sources. Do NOT use ``--playlist`` with random internet sources or files
you do not trust!
The way older versions of mpv played playlist files via ``--playlist``
was not safe against maliciously constructed files. Such files may
trigger harmful actions. This has been the case for all verions of
mpv prior to 0.31.0, and all MPlayer versions, but unfortunately this
fact was not well documented earlier, and some people have even
misguidedly recommended the use of ``--playlist`` with untrusted
sources. Do NOT use ``--playlist`` with random internet sources or
files you do not trust if you are not sure your mpv is at least 0.31.0.
Playlist can contain entries using other protocols, such as local files,
or (most severely), special protocols like ``avdevice://``, which are
inherently unsafe.
In particular, playlists can contain entries using protocols other than
local files, such as special protocols like ``avdevice://`` (which are
inherently unsafe).
``--chapter-merge-threshold=<number>``
Threshold for merging almost consecutive ordered chapter parts in
@ -337,9 +350,6 @@ Playback Control
location. (Instead, the behavior is as if the playlist entries were provided
directly to mpv command line or ``loadfile`` command.)
Note that ``--playlist`` always loads all entries, so you use that instead
if you really have the need for this functionality.
``--access-references=<yes|no>``
Follow any references in the file being opened (default: yes). Disabling
this is helpful if the file is automatically scanned (e.g. thumbnail

View File

@ -441,8 +441,7 @@ int stream_create_with_args(struct stream_open_args *args, struct stream **ret)
if (r == STREAM_UNSAFE) {
mp_err(log, "\nRefusing to load potentially unsafe URL from a playlist.\n"
"Use --playlist=file or the --load-unsafe-playlists option to "
"load it anyway.\n\n");
"Use the --load-unsafe-playlists option to load it anyway.\n\n");
} else if (r == STREAM_NO_MATCH || r == STREAM_UNSUPPORTED) {
mp_err(log, "No protocol handler found to open URL %s\n", args->url);
mp_err(log, "The protocol is either unsupported, or was disabled "