Bug#738554: libbluray-bdj security issues
Christoph Anton Mitterer
calestyo at scientia.net
Mon May 4 14:39:28 UTC 2015
On Mon, 2015-05-04 at 07:42 +0200, Fabian Greffrath wrote:
> It should be handled on the application level. The library's job is to
> parse and execute that stuff, not user interaction.
Well that's just the point.. I think this *is* a user decision.
"Do you want to execute foreign code?"
Nothing that the system could decide for the user.
It's - as I've said - similar to the Java Plugin case, where the user is
asked either.
> Maybe because it will be über-annoying to have to click away a debconf
> question each time you install e.g. "vlc" because you want to watch a
> DVD or listen to music or something else? Who will be really qualified
> to properly answer a question about such an implementation detail of the
> Bluray standard upon installation of a probably entirely unrelated
> package?
Not really a problem, is it? That question would be only asked once on
the first installation, and people could then either follow the default
choice or one could provide a "simple" explanation as well
> This will be about as helpful as the "certificate exception" click-away
> dialog in Firefox
Well but that dialogs are important... if you don't have them, TLS would
be even more useless than it already is.
And if a user is stupid and clicks it blindly away without
reading/understanding - his fault.
But not a reason that those have to suffer as well, who properly do
their homework.
> Alright, fine. But how about this for libc6?
>
> "This library contains string manipulation functions that may read
> and/or write beyond array boundaries and are known to be exploitable.
> They may be called by foreign and even malicious code and even if they
> are run in a virtualization environment [...]"
That's quite a difference... because for the later you still need to
first get some code locally where you do this.
If you install some software, which uses any C lib function
insecurely... well that's a security hole.
But here we just play a video, nothing where one would naturally assume
that foreign code get's executed.
As I've said,.. simply compare it with the Java Web Plugin example.
It's basically the same, conceptually.
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150504/51fc8caa/attachment.bin>
More information about the pkg-multimedia-maintainers
mailing list