<div id="geary-body" dir="auto"><div>Hi,</div><div><div><br></div><div><div>I think Sean's concern was unrelated to the UPNP server and more to the way</div><div>the medialibrary is accessible to every module, even those that shouldn't</div><div>have to deal with it (decoders, muxers, etc.)</div></div><div><br></div><div>On Tue, Mar 23, 2021 at 13:42, Rémi Denis-Courmont <remi@remlab.net> wrote:<br><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">In particular, you obviously can't just expose the content of the playlist to
the network without strong authentication.</div></blockquote></div><div><span style="white-space: pre-wrap;"><br></span></div><div><span style="white-space: pre-wrap;">The UPNP server doesn't expose the main playlist. However, what it does
expose is the medialibrary, which raises the same problems you are talking
about, I think.
</span></div><div><br></div><div><span style="white-space: pre-wrap;"><br></span></div><div>On Tue, Mar 23, 2021 at 13:42, Rémi Denis-Courmont <remi@remlab.net> wrote:<br><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">Not at all. It's not about preventing the UPnP code within the same VLC
instance from accessing the playlist. It's about restricting remote access to
the playlist through the UPnP code. The UPnP code can very well restrict
itself what of the playlist it exposes, without any process isolation.</div></blockquote><br></div><div><span style="white-space: pre-wrap;">The current implementation of the server exposes most of the medialibrary (ml)
content.
Basically, what it means is that, with the default setup of the ml, if the upnp
server module gets loaded by mistake or by an untrusted source, it exposes
the media content of `~/Music/`, `~/Movie/` and potentially other ml
lookup entry points on the local network.
This issue can be a bit less of a problem if we:
- Clearly notify the user that their upnp server is running, via the UI for
instance.
- Add ml content exposure restrictions in the upnp server where it, by
default, exposes nothing and the user has to specify exactly what content
he wants exposed at each server startup (if that's the kind of restrictions</span></div><div><span style="white-space: pre-wrap;"> you are talking about).</span></div></div><div><br></div><div>Regards,</div></div>