[vlc-devel] Lua extension and vlc.misc
remi at remlab.net
Tue Feb 28 21:13:47 CET 2012
Le mardi 28 février 2012 22:07:04 Jean-Baptiste Kempf, vous avez écrit :
> addons.videolan.org can also take .dlls.
Well, that's new and that's bad. This is a major security implication with
potentially quite bad consequences to the reputation of v.o. But it also
incites making Win32-only extensions. So much for being portable.
> Any website can host dlls that are VLC plugin and that can do way more
> than exposing a username in a cache path.
> And we are not going to check all extensions/plugins.
That's why I said already two years ago they should be sandboxed.
But jpeg went "yeah probably" and never actually did anything about it.
More information about the vlc-devel