diff options
author | wm4 <wm4@nowhere> | 2014-10-17 23:01:38 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2014-10-17 23:03:08 +0200 |
commit | f5a19f6328d04e3f5d68554aa59408e45ad03b5d (patch) | |
tree | 7e6bde2246864926aa15db0dddd895534a895b81 | |
parent | fd7bf67019366c57c70f577606bb25cb801d6da2 (diff) | |
download | mpv-f5a19f6328d04e3f5d68554aa59408e45ad03b5d.tar.bz2 mpv-f5a19f6328d04e3f5d68554aa59408e45ad03b5d.tar.xz |
manpage: ipc: explain security implications
It's kind of obvious, since the protocol by design has to allow you to
read (loadfile) and write (screenshot_to) random files, but better
make it explicit so that nobody accidentally does something insecure.
-rw-r--r-- | DOCS/man/ipc.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/DOCS/man/ipc.rst b/DOCS/man/ipc.rst index b488cd738c..83aa018b03 100644 --- a/DOCS/man/ipc.rst +++ b/DOCS/man/ipc.rst @@ -6,6 +6,14 @@ can be enabled by specifying the path to a unix socket using the option ``--input-unix-socket``. Clients can connect to this socket and send commands to the player or receive events from it. +.. warning:: + + This is not intended to be a secure network protocol. It is explicitly + insecure: there is no authentication, no encryption, and the commands + themselves are insecure too. For example, the ``run`` command is exposed, + which can run arbitrary system commands. The use-case is controlling the + player locally. This is not different from the MPlayer slave protocol. + Protocol -------- |