
List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: BD-J implementation in libbluray
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2015-03-01 10:50:34
Message-ID: 871tl9vvnp.fsf () mid ! deneb ! enyo ! de

* Sven Schwedas:

> On 2015-02-23 10:34, Jean-Baptiste Kempf wrote:
>> On 23 Feb, Florian Weimer wrote :
>>> Yes, I do think full sandboxing is required because content publishers
>>> have attacked end user system integrity in the past, so I don't think
>>> they can be trusted.
>> 
>> BD-J code comes from Blu-Rays. Downloading non-official blurays and
>> executing it is like taking random binaries from internet and running
>> them.
>
> And the Sony rootkit came from official, store-bought discs …

Someone seems to have worked independently on a proof of concept for
this issue:

<https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/>