[vlc-devel] libvlc_media_option_trusted and security
Shane Phelan
streamey at gmail.com
Tue Sep 18 18:02:40 CEST 2012
Are there changes that could be made that would satisfy the security
concerns?
I'm want to explore creating UI so that the user has to select the file
path themselves where the plugin could write the file. It would also
disallowed the file record via playlist options and if it's possible set
the libvlc_media_option_trusted only at runtime when a record button was
pressed so that someone couldn't run rogue javascript without the user
knowing?
On Fri, Sep 14, 2012 at 2:48 PM, Jean-Baptiste Kempf <jb at videolan.org>wrote:
> On Fri, Sep 14, 2012 at 08:56:59AM -0400, Shane Phelan wrote :
> > My question is were these vulnerabilities of the implementation of this
> > flag and methods or simply that any time you give a web plug-in R/W
> access
> > to disk you have a security issue?
>
> Mostly that you can overwrite any Win32 dll...
>
> Best regards,
>
> --
> Jean-Baptiste Kempf
> http://www.jbkempf.com/ - +33 672 704 734
> Sent from my Electronic Device
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20120918/1663e4b5/attachment.html>
More information about the vlc-devel
mailing list