[vlc-devel] vlc: svn commit r24342 (funman)
Rafaël Carré
funman at videolan.org
Wed Jan 16 19:18:01 CET 2008
Le Wed, 16 Jan 2008 19:58:24 +0200,
Rémi Denis-Courmont <rdenis at simphalempin.com> a écrit :
> Le Wednesday 16 January 2008 19:52:00 Rafaël Carré, vous avez écrit :
> > Ok it MAY look wrong at first sight, but please come with a REAL
> > failure example.
>
> I don't want hackers to:
> - up the volume and explode my ears or otherwise change my audio HW
> settings,
I hope you don't run flash.
> - change the CDDB server so they can learn what CDDA I am playing,
But they know already, since they control VLC, no ?
> - change the record filter path!!! (arbitrary file overwrite anyone?),
if( asprintf( &p_sys->psz_file, "%s %d-%d-%d
%.2dh%.2dm%.2ds.%s", ( psz_name != NULL ) ? psz_name : "Unknown",
l.tm_mday, l.tm_mon+1, l.tm_year+1900,
l.tm_hour, l.tm_min, l.tm_sec,
p_sys->psz_ext ) == -1 )
Oh my god it can overwrite such named files !
> - change the TLS settings (nevermind it was supposed to be secure),
again, they do control VLC
> - enable automated multicasting of my outgoing UDP flow...
feel free to correct this one.
> Every second setting seems wrong to me.
Thanks you so much for respecting my work, you lazy bastard.
--
Rafaël Carré
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20080116/39e12aa3/attachment.sig>
More information about the vlc-devel
mailing list