[vlc-devel] [PATCH 2/2] cli: also mark --cli-host as deprecated

Rémi Denis-Courmont remi at remlab.net
Sun Nov 22 14:58:36 CET 2020


On Sunday 22 November 2020 at 14:43:25 EET, Pierre Ynard via vlc-devel wrote:
> > TCP mode as it stands cannot be kept because it's a trivial RCE (or
> > local escalation on loopback) regardless of the RC implementation.
> > There are only two options, replace it or remove it.
> 
> That's a false dichotomy. There are plenty of other options, some of
> which I've already brought up: just deprecating it in the configuration
> and documentation while recommending an alternative, printing big fat
> warnings about unsecured use,

Neither of these options fixes the issue. They're just disgraceful lame cop-outs.

> actually securing it with access control,

How? This is the HTTP interface all over again. We arrived at the point where 
it requires a password. But if we change the RC to require a password, then we 
break compatibility and I call that replacing it.

> leaving it to the administrators to use it only on trusted networks
> or secure it using external tools such as firewalling,

In other words, go back to the ACL model that was tried and failed, not 
heeding our own 15 years of experience with the HTTP interface.

I don't call that a sensible option.

> or even mitigation such as restricting it to localhost.

Not only does that leave a local escalation bug open, but it removes the only 
"advantage" of TCP over Unix -- that it works remotely.

There are no merits to that option, are there?

> But you know that since you say "TCP mode as it stands".

-- 
雷米‧德尼-库尔蒙
http://www.remlab.net/