]>
Commit | Line | Data |
---|---|---|
6ec3822c BM |
1 | /* Example of a possible semi-secure /DCCALLOW configuration written by Syzop. |
2 | * $Id$ | |
3 | * | |
4 | * Actually nothing is *100% secure*... there could still be | |
5 | * bugs in the software itself (think: a winamp bug that can | |
6 | * be exploited via an mp3, or: a wmplayer bug that can be | |
7 | * exploited via a specially crafted .wmv, etc..). | |
8 | * If you are really that paranoid you could just remove | |
9 | * all 'allow dcc'-blocks and prompt the user for EVERY file ;). | |
10 | * | |
11 | * Still, I think this file is a good tradeoff between userfriendlyness | |
12 | * and security. Note that when you try to only DENY specific | |
13 | * file type (exe, com, etc) you are *guaranteed* to miss ones | |
14 | * (like: did you know .r17 gets treated as a rar archive? | |
15 | * and that an exe can be disguished as .cmd which is executable | |
16 | * on nt/w2k/xp?) | |
17 | */ | |
18 | ||
19 | /* first.. deny everything, then allow known-good stuff... */ | |
20 | deny dcc { filename "*"; reason "Possible executable content"; soft yes; }; | |
21 | /* common image formats */ | |
22 | allow dcc { filename "*.jpg"; soft yes; }; | |
23 | allow dcc { filename "*.jpeg"; soft yes; }; | |
24 | allow dcc { filename "*.gif"; soft yes; }; | |
25 | allow dcc { filename "*.png"; soft yes; }; | |
47f3c432 | 26 | allow dcc { filename "*.bmp"; soft yes; }; |
6ec3822c BM |
27 | /* audio / video (but not scripted/playlists!) */ |
28 | allow dcc { filename "*.mp1"; soft yes; }; | |
29 | allow dcc { filename "*.mp2"; soft yes; }; | |
30 | allow dcc { filename "*.mp3"; soft yes; }; | |
31 | allow dcc { filename "*.mpg"; soft yes; }; | |
32 | allow dcc { filename "*.mpeg"; soft yes; }; | |
33 | allow dcc { filename "*.m1v"; soft yes; }; | |
34 | allow dcc { filename "*.m2v"; soft yes; }; | |
47f3c432 | 35 | allow dcc { filename "*.vob"; soft yes; }; |
6ec3822c | 36 | allow dcc { filename "*.wav"; soft yes; }; |
6ec3822c BM |
37 | /* text / misc */ |
38 | allow dcc { filename "*.txt"; soft yes; }; | |
47f3c432 | 39 | allow dcc { filename "*.log"; soft yes; }; |
6ec3822c BM |
40 | allow dcc { filename "*.pdf"; soft yes; }; |
41 | allow dcc { filename "*.c"; soft yes; }; | |
42 | allow dcc { filename "*.cpp"; soft yes; }; |