[FFmpeg-cvslog] Move av_tempfile() into libavutil, it is a generically usefull thing and its small.
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Sun Oct 16 22:51:06 CEST 2011
On 16 Oct 2011, at 22:40, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Sun, Oct 16, 2011 at 10:28:33PM +0200, Reimar Döffinger wrote:
>> On 16 Oct 2011, at 22:16, Michael Niedermayer <michaelni at gmx.at> wrote:
>>> On Sun, Oct 16, 2011 at 09:42:12PM +0200, Reimar Döffinger wrote:
>>>> On Sun, Oct 16, 2011 at 09:35:26PM +0200, Michael Niedermayer wrote:
>>>>> On Sun, Oct 16, 2011 at 09:22:11PM +0200, Reimar Döffinger wrote:
>>>>>> On Sun, Oct 16, 2011 at 05:21:22PM +0200, Michael Niedermayer wrote:
>>>>>>> - fd = open(*filename, O_RDWR | O_BINARY | O_CREAT, 0444);
>>>>>>
>>>>>> Adding O_EXCL should increase security here.
>>>>>> Seems supported at least on Linux and Windows.
>>>>>> Might fail compilation on some systems though.
>>>>>
>>>>> fixed locally
>>>>
>>>> Oh, and did you fix the 0444 mode? That seems both like
>>>> a bad idea and mismatches mkstemp behaviour.
>>>
>>> fixed locally, anything else that needs fixing?
>>
>> Nothing beyond me still having a really bad feeling about this code for now at least.
>
> if you prefer we can move it back to libavcodec and require a flag
> for the cache protocol somehow
I'd appreciate if you could think about the latter at least, I don't know if a cache-URL-redirect within cache-URL could be used for an inode count DOS, and for people like me with only a small in-memory /tmp just the cache itself would lend itself for DOSing /tmp - not sure about the consequences of that though.
As long as TMPDIR/TEMPDIR is not supported I'd warn about that and/generally recommend against using it in any more places at least.
>
More information about the ffmpeg-cvslog
mailing list