[vlc-devel] Playlist item options security et al

Rémi Denis-Courmont rem at videolan.org
Tue Dec 25 11:53:50 CET 2007

Le lundi 24 décembre 2007, Pierre d'Herbemont a écrit :
> Yes. I have a dummy patch for that, what do you think?

As was pointed out already, I would not dare call it "IsSecure".

I think we should rather have a new input_ItemAddSafeOption entry or 
whatever the name, that only adds a white-listed option. We also need 
to use this with the browser plugins.  These are probably worse a 
vulnerability than the Freebox thingy.

> My concern is that it is a bit silly to consider to keep a list of all
> the safe options in core, whereas those are defined in the modules...

It would be fairly easy to add a safe flag inside the per-plugin 
configuration rather than in a centralized list. I believe this does 
not create any extra problem, since any activated plugin has full 
control over the process when invoked anyway.

Rémi Denis-Courmont
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071225/893671d6/attachment.sig>

More information about the vlc-devel mailing list