[vlc-devel] Lua extension and vlc.misc

Rémi Denis-Courmont remi at remlab.net
Tue Feb 28 21:13:47 CET 2012

Le mardi 28 février 2012 22:07:04 Jean-Baptiste Kempf, vous avez écrit :
> addons.videolan.org can also take .dlls.

Well, that's new and that's bad. This is a major security implication with 
potentially quite bad consequences to the reputation of v.o. But it also 
incites making Win32-only extensions. So much for being portable.

> Any website can host dlls that are VLC plugin and that can do way more
> than exposing a username in a cache path.
> And we are not going to check all extensions/plugins.

That's why I said already two years ago they should be sandboxed.

But jpeg went "yeah probably" and never actually did anything about it.

Rémi Denis-Courmont

More information about the vlc-devel mailing list