[vlc-devel] [PATCH 1/4] [RFC] direct3d11: add a way to (re)store the device in the global context
Remi Denis-Courmont
remi at remlab.net
Tue Nov 21 16:34:01 CET 2017
Le 2017-11-21 12:13, Steve Lhomme a écrit :
> Given our DLL security model it's not possible to have the device
> handled by a separate DLL. Modules can only load DLLs from System32 on
> Windows.
For the last time, do not call that a security model. This is utterly
misleading; it just gives a false sense of security to users and
developpers. If it were a security feature, VLC.exe would NOT load
libvlc.dll, then libvlccore.dll then plugins from its installation
directory. Not to mention a whole bunch of other things that indirectly
lead to RCE in there.
I do not deny that LibVLC.dll should load LibVLCcore.dll, plugins, data
and underlying libraries from *its* directory rather than from the
application directory. But good luck getting that to work on Windows.
And in the mean time, it is an unimplemented feature, so it is rather
disturbing if you consider it a security issue.
> So another way to use a DLL could be to load it as a separate module
> with specific callbacks.
You can also do that. It requires much more boilerplate code and is
slower.
--
Rémi Denis-Courmont
More information about the vlc-devel
mailing list