[vlc-devel] Lua extension and vlc.misc
Kaarlo Räihä
kaarlo.raiha at gmail.com
Tue Feb 28 21:00:23 CET 2012
28. helmikuuta 2012 21.41 Jean-Baptiste Kempf <jb at videolan.org> kirjoitti:
> On Tue, Feb 28, 2012 at 08:31:13PM +0200, Kaarlo Räihä wrote :
> > Do these contain full paths? (e.g. /home/myname or
> c:\users\peter.jackson)
> > Because some people might complain about privacy violations, like they
> did
> > with automatic album art downloads.
>
> This statement about privacy of folders is even more ridiculous, that any
> .dll plugin of VLC has access to all of those.
> And plugins can be automatically loaded, with the right score. While, by
> default extensions are not loaded.
> And we do not sign .dlls.
>
> Compiling a VLC plugin.dll is quite simple and the audit of C code is
> harder than a lua one.
>
http://addons.videolan.org/
If there is an official site where people can download LUA script, then
someone can abuse that. And yes, LUA has been abused before
http://securityresponse.symantec.com/norton/antivirus-gaming/articles/details.jsp?aid=article_13
Most people don't know what LUA can do (or what it can't do). In forums
people have downloaded YouTube scripts made by someone, and I am sure most
of them don't know even what those scripts do.
>
> --
> Jean-Baptiste Kempf
> http://www.jbkempf.com/ - +33 672 704 734
> Sent from my Electronic Device
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20120228/7f705f50/attachment.html>
More information about the vlc-devel
mailing list