[vlc-devel] vlc: svn commit r24345 (damienf)

Damien Fouilleul damien.fouilleul at laposte.net
Wed Jan 16 23:01:33 CET 2008

On 16 Jan 2008, at 19:47, Rémi Denis-Courmont wrote:

> On Wednesday 16 January 2008 21:30:14 Subversion daemon, you wrote:
>> - most vlc options are considered safe, only a handful are particularly
>> unsafe and need be declared as such in their definition (they mostly deal
>> with writing to an output file or URL)

> A huge range of options are either arguably bad, or just nonsense (because
> any sane value can't be known by a web server). All of the people who gave
> their opinion, besides yourself, wanted to go for whitelisting, not
> blacklisting.

Outside of the list I've already blacklisted, do you know of any such
'combinations'? I'm not sure what you really mean with your web
server example, please give a concrete example.

> With blacklisting, we are 99,9% sure that someone will find yet another
> harmful combination after the next release, especially as we start adding
> new options and forget thinking about their security implications.

What you really are advocating is that some developers are more  
'enlightened' than others, and that basically until some code has been  
approved by a 'committee'  it is considered unsafe, etc...

I've nothing against code review, but its scope definitely spans
beyond option definition and use, one can write code which is quite
unsafe and make use of no option.

VLC quality is refined and improved by the fact that the code is open  
source, anyone can review it and make comments and provide patches to  
improve its usefulness, security, etc... for me this is a good enough  
approach to code review and it has been proven to be quite successful,  
Linux is a testament to that.

> I'd rather ban harmless options (that probably nobody uses) until the next
> release than allow harmful ones.

Whitelisting solves nothing, it's just a pessimistic approach as you'd  
rather sacrifice functionality for an alleged sense of security.  
Basically, it's just paranoia.

I'm not saying that my approach is the ultimate solution to security,  
unfortunately, there is no such solution. It's just an improvement on  
what is currently in place, and provides IMHO a balanced trade-off  
between usability, security and code complexity.

If you think you got a better solution, please be my guest ....


> -- 
> Rémi Denis-Courmont
> http://www.remlab.net/
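
The two policies debated in this thread, side by side, as an added example that is not part of the original message and is not VLC's code: it shows how each treats an option whose definition was never given a safety flag. The option names, the flag names and the `:name=value` item syntax are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flags carried by an option definition (not VLC's own). */
enum { OPT_UNSAFE = 1u << 0, OPT_SAFE = 1u << 1 };

struct opt_def { const char *name; unsigned flags; };

/* Constructed option table. */
static const struct opt_def defs[] = {
    { "out-file",   OPT_UNSAFE },  /* writes to a path: reviewed, marked unsafe */
    { "volume",     OPT_SAFE   },  /* reviewed, marked safe */
    { "log-target", 0          },  /* added later, nobody classified it */
};

/* Find the definition named by an untrusted ":name[=value]" item. */
static const struct opt_def *lookup(const char *item)
{
    if (item == NULL || item[0] != ':')
        return NULL;
    const char *name = item + 1;
    size_t len = strcspn(name, "=");      /* name ends at '=' or end of string */
    for (size_t i = 0; i < sizeof defs / sizeof defs[0]; i++)
        if (strlen(defs[i].name) == len && memcmp(defs[i].name, name, len) == 0)
            return &defs[i];
    return NULL;                          /* unknown names are refused by both */
}

/* Denylist: accept unless the definition is marked unsafe. */
int allowed_by_denylist(const char *item)
{
    const struct opt_def *d = lookup(item);
    return d != NULL && !(d->flags & OPT_UNSAFE);
}

/* Allowlist: accept only if the definition is marked safe. */
int allowed_by_allowlist(const char *item)
{
    const struct opt_def *d = lookup(item);
    return d != NULL && (d->flags & OPT_SAFE) != 0;
}

int main(void)
{
    const char *items[] = { ":volume=50", ":out-file=/tmp/x", ":log-target=/tmp/y" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s denylist=%d allowlist=%d\n", items[i],
               allowed_by_denylist(items[i]), allowed_by_allowlist(items[i]));
    return 0;
}
```

The two functions differ only on the unclassified `log-target` entry: the denylist accepts it until someone marks it unsafe, the allowlist refuses it until someone marks it safe.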