[vlc-devel] [PATCH 14/14] upnp_server: add the upnp server module

Rémi Denis-Courmont remi at remlab.net
Wed Mar 24 14:44:52 UTC 2021

Le tiistaina 23. maaliskuuta 2021, 20.36.17 EET Alaric Senat a écrit :
> Hi,
> I think Sean's concern was unrelated to the UPNP server and more to the
> way the medialibrary is accessible to every modules even those that
> shouldn't have to deal with it (decoders, muxers, etc.)

Sean's mail was not that specific. It just points out in a rhetorical question 
that access to the media library should be restricted.

> The UPNP server doesn't expose the main playlist. However, what it does
> expose is the medialibrary which raises the same problematics you are
> talking about I think.

Fair enough, whatever. Playlist, media library, local file system, it all 
faills under the same umbrella of private user data. It can only be shared to 
authorized peers.

> Basically what it mean is that, with the default setup of the ml, if
> the upnp server module gets loaded by error or by an untrusted source,  it
> exposes the media content of `~/Music/`, `~/Movie/` and potentially other ml
> lookups entry points on the local network.

No way. We've already been through this with the HTTP interface. And that was 
literally 18 years ago, before Cambridge Analytica or Snowden, and before the 
law took data protection seriously.

We simply cannot just expose user data to the network unauthorized. 18 years 
ago, the password protection of the HTTP interface would have been barely 
adequate. Nowadays, it's piss poor.

We can't merge something with even *worse* security in 2021.

> This issue can be a bit less of a problem if we:
> 	- Clearly notify the user that their upnp server is running, via 
the UI for     instance.

Sorry but no. That does not help at all. In all likelihood the computer is 
unattended, VLC is not visible, or the user won't pay attention.

Besides, it's not a problem of *when* UPnP is enabled. It's a problem of *who* 
can do *what* with it. Stating the obvious here, but authorized and 
unauthorized clients will coexist.


More information about the vlc-devel mailing list