Control: reopen -1

Hey Sebastian.

On Sun, 2015-05-03 at 01:59 +0200, Sebastian Ramacher wrote:
> libbluray now implements a Security Manager for BD-J code. From my point of
> view, the addition of the SM fixes this general complaint.

Phew.. I wouldn't think so. That would be the first jailing technology where a break-out is impossible. Sandboxes on which many more people work than is probably the case for libbluray-bdj are regularly hacked (e.g. Chromium, Firefox, etc.). As I've said in the original report.

So I still think that the package description should include a warning about what this library actually does, i.e. executing code also specifically meant for DRM, written by an industry which is known to intentionally hack the systems of people, install rootkits for DRM-related surveillance, and so on.

Even better would be if there was a critical debconf question which informs the user, and which defaults to an answer that aborts installing the package.

Even though I wouldn't know of a concrete security hole in this lib or in the Security Manager you've mentioned, experience has shown that such things are a typical entry point for code execution. So I think we should proactively "warn" users about this.

Therefore reopening the issue for now, until you decide that you don't want to follow the idea with improved package description and/or the debconf question.

Cheers,
Chris.
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers