I'm assuming MPlayer creates some sort of socket, if the executed program doesn't create the socket within "X" seconds the plugin could fallback to "mplayer".  I think we could also check to see what user we're running under and fail to honor the option if the plugin is running as root.

Erich Hoover
ehoover@mines.edu

Kevin DeKorte wrote:
Yan,

This is a mild security / allows people to do stupid things risk. There is 
nothing that prevents people from setting mplayer-bin equal to "rm -rf /" or 
something else like that. If you look back into the archives we originally 
had this feature and found this possibility.

So I guess we need to ask ourselves how big of a threat is this? And what if 
anything should be done to allow people not to do something too stupid.

Here is from the ChangeLog (look at the ***'s)
v0.35
	Removed RealPlayer from description for now
	Added support for "loop" command and respect it
	Added config file options: use-gmplayer,noembed,vo,ao
		use-gmplayer	uses gmplayer over mplayer, flaky.
				A separate, unsupported patch to mplayer
				is needed to make this work. Also the
				mini-skin for mplayer is recommended.
		noembed		shows mplayer in separate window
		vo		overrides mplayer config
		ao		overrides mplayer config
****	Dropped config file option: player
****		It allowed people to do stupid things ie: player=ls
	Changed config file seek order
                $HOME/.mplayer/mplayerplug-in.conf
                $HOME/.mozilla/mplayerplug-in.conf
		/etc/mplayerplug-in.conf
	Added code to make rtl.de sites work
	Added new mimetype: application/x-drm-v2


v0.34
	Found a crash that was occuring in NPP_Destroy
	Added a config file option	"player"
		ie:	player=mplayer	(default)
			player=gmplayer	(does not work yet)
		If you have an app that can take mplayers command line it should work here


Kevin



On Thursday 02 December 2004 11:42 am, Yan Seiner wrote:
  
Kevin DeKorte wrote:
    
Yan,

Glad I could help... :) BTW, that was going to be my recommendation. Also
the current CVS version changes the file:// urls' a little.

basically:  file:///path/to/some/file	opens /path/to/some/file

and	file://host/path/to/some/file	opens smb://host/path/to/some/file
      
Kevin:

I've taken the liberty of writing a small patch to add a mplayer-bin
option to the config file.  If left out, the plug-in defaults to the
previous behavior - i.e. using "mplayer" as the default binary.

If the mplayer-bin= option is used in the config file, the plug-in will
use whatever executable name is specified.

The format can be either

mplayer-bin=/usr/bin/mplayer

or

mplayer-bin=$HOME/mybin/mplayer

or (as in my case)

mplayer-bin=/usr/local/bin/mplayer.wrapper

I don't think I missed anything obvious, though this is my first foray
into c++...  :-)

If you choose to use it, it's released under the same GPL terms as the
rest of the plug-in.

--Ya
n