-
Notifications
You must be signed in to change notification settings - Fork 0
/
dccallow.conf
42 lines (41 loc) · 1.9 KB
/
dccallow.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
* $Id: dccallow.conf,v 1.1.2.4 2007/06/29 22:39:44 Trocotronic Exp $
*
* Actually nothing is *100% secure*... there could still be
* bugs in the software itself (think: a winamp bug that can
* be exploited via an mp3, or: a wmplayer bug that can be
* exploited via a specially crafted .wmv, etc..).
* If you are really that paranoid you could just remove
* all 'allow dcc'-blocks and prompt the user for EVERY file ;).
*
* Still, I think this file is a good tradeoff between userfriendlyness
* and security. Note that when you try to only DENY specific
* file type (exe, com, etc) you are *guaranteed* to miss ones
* (like: did you know .r17 gets treated as a rar archive?
* and that an exe can be disguished as .cmd which is executable
* on nt/w2k/xp?)
*/
/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; };
allow dcc { filename "*.jpeg"; soft yes; };
allow dcc { filename "*.gif"; soft yes; };
allow dcc { filename "*.png"; soft yes; };
allow dcc { filename "*.bmp"; soft yes; };
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; };
allow dcc { filename "*.mp2"; soft yes; };
allow dcc { filename "*.mp3"; soft yes; };
allow dcc { filename "*.mpg"; soft yes; };
allow dcc { filename "*.mpeg"; soft yes; };
allow dcc { filename "*.m1v"; soft yes; };
allow dcc { filename "*.m2v"; soft yes; };
allow dcc { filename "*.vob"; soft yes; };
allow dcc { filename "*.wav"; soft yes; };
/* text / misc */
allow dcc { filename "*.txt"; soft yes; };
allow dcc { filename "*.log"; soft yes; };
allow dcc { filename "*.pdf"; soft yes; };
allow dcc { filename "*.c"; soft yes; };
allow dcc { filename "*.cpp"; soft yes; };