[FFmpeg-devel] modification time in libavformat (.MOV files)

Michael Niedermayer michaelni at gmx.at
Sat Feb 15 21:02:24 CET 2014 

On Fri, Feb 14, 2014 at 07:39:18PM -0800, Alex Sukhanov wrote:
> On Fri, Feb 14, 2014 at 4:47 PM, Michael Niedermayer <michaelni at gmx.at>wrote:
> 
> > On Fri, Feb 14, 2014 at 07:18:13PM +0100, Ayke van Laethem wrote:
> > > Hi,
> > >
> > > I have been working on a patch to fix a bug I discovered in the saving
> > > of .MOV files. In short, the creation time of individual streams isn't
> > > copied as it says they will be (it is copied from the output .MOV file
> > > instead, which is null if -map_metadata isn't used), and modification
> > > time is set to the creation time.
> > >
> > > This SuperUser post is in part about this issue:
> > >
> > http://superuser.com/questions/510578/when-spliting-mp4s-with-ffmpeg-how-do-i-include-metadata
> > > I can add a way to reproduce the issue if needed. I will certainly do
> > > that before (or while) submitting the patch.
> > >
> > > The patch I wrote seems to work correctly, but fate fails. I assume
> > > this is because the metadata is changed so the output file has a
> > > different hash than what fate expects. Updating the hash so it
> > > includes the correct creation_time should be easy, but the
> > > modification time will be different each time.
> > > So here is the question. Should the modification time be set at all? I
> > > think it would be the more 'correct' way to go, but it makes testing
> > > harder. If modification time will be set, how should testing be done?
> >
> > storing the current time in files without the users knowledge poses
> > a risk to privacy and security.
> >
> >
> > [...]
> > --
> > Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> >
> > it is not once nor twice but times without number that the same ideas make
> > their appearance in the world. -- Aristotle
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> >
> Sorry for dumb question, but what is a risk to privacy and security?

time and location allow indentfying a person in some/many cases
so storing time without the person knowing gives half the information
needed to identify the person. Now the location can possibly be
identified from the video content.

security wise, storing the time in files leaks information about
the system clock. which could be helpfull to any attack that needs
to be timed pricessely or could be feedback for an attack involving
NTP. Iam no expert in this stuff iam sure there are others who could
provide better examples


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140215/764b21c5/attachment.asc>

More information about the ffmpeg-devel mailing list