docker-unrealircd/conf/dccallow.conf

43 lines
1.8 KiB
Plaintext
Raw Permalink Normal View History

2021-10-12 02:40:30 +03:00
/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
* $Id$
*
* Actually nothing is *100% secure*... there could still be
* bugs in the software itself (think: a winamp bug that can
* be exploited via an mp3, or: a wmplayer bug that can be
* exploited via a specially crafted .wmv, etc..).
* If you are really that paranoid you could just remove
* all 'allow dcc'-blocks and prompt the user for EVERY file ;).
*
* Still, I think this file is a good tradeoff between userfriendlyness
* and security. Note that when you try to only DENY specific
* file type (exe, com, etc) you are *guaranteed* to miss ones
* (like: did you know .r17 gets treated as a rar archive?
* and that an exe can be disguished as .cmd which is executable
* on nt/w2k/xp?)
*/
/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; }
allow dcc { filename "*.jpeg"; soft yes; }
allow dcc { filename "*.gif"; soft yes; }
allow dcc { filename "*.png"; soft yes; }
allow dcc { filename "*.bmp"; soft yes; }
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; }
allow dcc { filename "*.mp2"; soft yes; }
allow dcc { filename "*.mp3"; soft yes; }
allow dcc { filename "*.mpg"; soft yes; }
allow dcc { filename "*.mpeg"; soft yes; }
allow dcc { filename "*.m1v"; soft yes; }
allow dcc { filename "*.m2v"; soft yes; }
allow dcc { filename "*.vob"; soft yes; }
allow dcc { filename "*.wav"; soft yes; }
/* text / misc */
allow dcc { filename "*.txt"; soft yes; }
allow dcc { filename "*.log"; soft yes; }
allow dcc { filename "*.pdf"; soft yes; }
allow dcc { filename "*.c"; soft yes; }
allow dcc { filename "*.cpp"; soft yes; }