[vlc-devel] [PATCH 1/2] cli: remove TCP mode (--rc-host)
Alexandre Janniaux
ajanni at videolabs.io
Sat Nov 21 16:49:43 CET 2020
Hi,
On Sat, Nov 21, 2020 at 04:04:58PM +0200, Rémi Denis-Courmont wrote:
> Le lauantaina 21. marraskuuta 2020, 13.10.20 EET Alexandre Janniaux a écrit :
> > Hi,
> >
> > That's litterally my only use case for the Cli interface
> > and was a point that I shared and used for the transition
> > from lua RC to C RC. If this is to be merged, then there's
> > no point in replacing the lua RC and I'll vote for restoring
> > the lua RC.
>
> That's literally an RCE in disguise, and it's equally a problem with Lua or C.
> This has nothing to do with which language to use. This needs to be removed
> either way.
>
> Do I need to file a CVE for people to start caring about security?
I think you need to at least discuss it during a meeting
with everybody to remove a feature used by other devs, yes.
Will you remove playlist support because you can add option
afterwards? At least with a CVE you would define a threat
model.
Regards,
--
Alexandre Janniaux
Videolabs
More information about the vlc-devel
mailing list