Kieran Kunhya
π€ SpeakerAppearances Over Time
Podcast Appearances
You're part of a botnet.
Yeah.
a core with around 500 plugins, right?
One of them is FFmpeg, but we support so many other formats, we support new protocols, we support new filters, we support weird architectures.
And in this release of VLC, you have modules that are going to call your drivers, right?
Mostly the hardware decoders, which are going to call your Intel, your Nvidia, your AMD driver.
and all calling FFmpeg, right?
And there might be a security issue.
There might be a security issue in the shader.
There might be a security issue in VLC, in FFmpeg that is going to basically crash.
The issue is that you're running VLC like every other program, like Adobe, right?
You're running it
on your machine and it has access to all your documents, right?
So the idea is to be sure that you do a sandbox so that we can protect from ourselves because inside the VLC process is running some code that is not even ours.
Either it's open source for other projects that we integrate in VLC or it's your GPU driver or something that is provided by someone else inside.
And so when we crash,
we want to not allow people to do bad things, right?
Because one of the common way of hacking people is to crash a program, very often done with a web browser, very often done with PDF files, less often with multimedia, but that could happen.
And when you crash, you launch something on the machine of the person.
Could be a ransomware, could be a botnet, right?