- From: <bugzilla@jessica.w3.org>
- Date: Tue, 19 Feb 2013 21:47:42 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20960 --- Comment #6 from Mark Watson <watsonm@netflix.com> --- (In reply to comment #5) > (In reply to comment #3) > > The architecture is such that the CDM is able only to output decoded media > > data to rendering/compositing functions. It does not have access to user > > input or control of the rendering/compositing of its output. > > The architecture of the CDM is not defined. It does appear to have > privileged access to the system, the path to the monitor pixels, and could > well have access to all system resources including storage. Please defined > the scope of the CDM privileges to that your claims can be assessed. What I wrote is the intention of the architecture. We can clarify this in the specification, if it helps. But what access the CDM has depends entirely on the UA implementation (for CDMs embedded in UAs) or the Operating System/platform (for CDMs embedded there). > > > Therefore it would not be possible to implement an entire HTML engine within > > a CDM, according to the specification. > > This is not believable, the scope of the CDM is not defined, but taking a > guess it appears quite practical. I don't understand what you expect us to say in the specification to address this ? Obviously, UA implementors can do what they like: for example allowing CDMs to operate totally outside any kind of security sandbox. I don't expect any of them to do that and it's not necessary to meet the goals so, presumably, they will put the CDM in an appropriate sandbox or otherwise constrain what it can do. It's a mistake to think that this is a generic plugin architecture for arbitrary code. I expect UAs to be very careful about which CDMs they support and what they do. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 19 February 2013 21:47:44 UTC