[Bug 22901] Clarification regarding a potential CDM capable of running arbitrary code

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22901

Glenn Adams <glenn@skynav.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|NEEDSINFO                   |INVALID

--- Comment #3 from Glenn Adams <glenn@skynav.com> ---
(In reply to comment #2)
> (In reply to comment #1)
> > No for two reasons:
> > 
> > (1) code is not embedded in a media stream;
> > (2) the function of the CDM is not to execute code (whether embedded in the
> > stream or not), but to decrypt media content from the media stream;
> > 
> > What specific language in the specification makes you think it does either
> > of these?
> 
> I fail to see how the CDM is going to decrypt media content WITHOUT running
> arbitrary code.

A CDM is an implementation detail of a browser. It is implemented by the
browser manufacturer either by using code written by the manufacturer or code
integrated by the manufacturer. It is not arbitrary and it is not obtained from
the media stream.

> 
> However, as far as code being run with the same privileges as the
> user-agent, 1.2.1 does point out:
> > Implementations may or may not separate the implementations of CDMs and may or may not treat them as separate from the user agent.

This simply means that the code that implements a CDM may be directly bound
into the browser's binary or it may be a distinct binary linked at run time
(like a device driver).

How a specific browser manufacturer decides to integrate a CDM, and which CDMs
are integrated (either in a bound or unbound fashion), is up to the
manufacturer. The EME specification doesn't care either way.

So, as you can see, this is not a case of running arbitrary code, since the
browser manufacturer has complete control over what code they choose to
integrate.

Note that it may be the case in certain CDMs that the CDM's code and execution
are delegated to the platform or even to a special hardware processor where the
details of the platform/hardware implementation aren't available to the browser
manufacturer. However, this is no different from a browser manufacturer making
use of other platform APIs (like device drivers) for which the browser doesn't
have code access. In other words, in these cases, the browser manufacturer
effectively "trusts" the platform code to perform some advertised function
(like decrypting a block of data).

Since your response indicates that your original filing of this bug was based
on a misunderstanding of the spec, I am moving this bug from RESOLVED/NEEDSINFO
to RESOLVED/INVALID. If you would like further action, you need to propose a
specific change to the specification as written.


Received on Thursday, 8 August 2013 16:21:39 UTC