[vlc-devel] vlc: svn commit r24342 (funman)

Rémi Denis-Courmont rdenis at simphalempin.com
Thu Jan 17 17:21:13 CET 2008


On Thursday 17 January 2008 15:50:05 Rafaël Carré, you wrote:
> > > But they know already, since they control VLC, no ?
> >
> > Maybe there is a Javascript API that I haven't heard of, which can
> > access the CD drive, but for some reason, I doubt it.
>
> My point is since a webpage launched the vlc instance, it can play
> whatever it wants.

I still fail to see why it should be able to direct CDDB requests anywhere. 
Playing anything is not the same thing as knowing anything about what you're 
playing.

> > Should the thing be allowed to store large files anywhere (as in, on
> > any partition, inside any directory)? Plus having a restrictive
> > filename does not mean the problem is not there, won't be published
> > on bugtraq, and won't give VLC its (deserved) reputation as one of
> > the least secure media players.
>
> I just didn't consider this feature harmful. What I checked is that it
> wouldn't be able to overwrite system files.

With this kind of thinking, we'd never fix security issues involving temporary 
files and/or symbolic links.

> Again, since the items played by VLC are controlled by the webpage
> running the plugin instance, I didn't consider changing the
> certificates used to authenticate the item played was harmful.

Never mind it breaks the whole TLS security.

> > Thank you so much for ensuring that VLC gets kicked out of every
> > open-source operating system distribution.

> The trunk is public, so everyone can check the different commits before
> it gets released.

And how does that solve my concern? Distributions/packagers have more 
important and interesting things to do than fix the security issues in VLC. 
Packaging less insecure media players for instance.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
