adobe flash 0-day
Wolfgang S. Rupprecht
wolfgang.rupprecht at gmail.com
Wed Sep 15 17:30:06 UTC 2010
Bruno Wolff III <bruno at wolff.to> writes:
> On Wed, Sep 15, 2010 at 09:25:25 -0700,
> "Wolfgang S. Rupprecht" <wolfgang.rupprecht at gmail.com> wrote:
>>
>> If flash is now very unsafe, is there a working alternative yet? Is
>
> Adobe's flash player has been unsafe for a very long time and I don't expect
> that to change anytime soon.
Yea. This latest f-up finally drove the point home for me. It was time
to bite the bullet and do an "rm $(locate libflashplayer.so)" and not
look back.
> There are a few open source flash players available. They seem to be buggy
> and don't support the latest version of flash very well. Also for Fedora,
> h264 is patented and prevents support of that codec (commonly used in
> flash) in the distro. Though people in some areas of the world can use
> the codec support from RPMFusion.
I do recall using mplayer to play youtube *.flv videos at one point but
it was a real pain in the neck to dig the obfusciated video url out of
the javascript in order to download the *.flv file.
I'm hoping that there already is some flash plugin that can spawn a
safer external player to play the videos. From a security standpoint I
imagine an external player should be quite a bit safer since it can be
sandboxed with a powerless UID and/or selinux to have just enough
permission to open a window and read the one video file.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ (IPv6-only)
More information about the users
mailing list