[vlc-devel] Playlist item options security et al
Rémi Denis-Courmont
rem at videolan.org
Tue Dec 25 11:53:50 CET 2007
Le lundi 24 décembre 2007, Pierre d'Herbemont a écrit :
> Yes. I have a dummy patch for that, what do you think?
As was pointed out already, I would not dare call it "IsSecure".
I think we should rather have a new input_ItemAddSafeOption entry or
whatever the name, that only adds a white-listed option. We also need
to use this with the browser plugins. These are probably worse a
vulnerability than the Freebox thingy.
> My concern is that it is a bit silly to consider to keep a list of all
> the safe options in core, whereas those are defined in the modules...
It would be fairly easy to add a safe flag inside the per-plugin
configuration rather than in a centralized list. I believe this does
not create any extra problem, since any activated plugin has full
control over the process when invoked anyway.
--
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071225/893671d6/attachment.sig>
More information about the vlc-devel
mailing list