[FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist
george at nsup.org
Sun Jan 24 21:32:59 CET 2016
Le quintidi 5 pluviôse, an CCXXIV, Andreas Cadhalpun a écrit :
> No. It would have prevented the issue with hls.
Reacting to known attacks by ad-hoc hole-plugging is no way of building
> But it's usually only used with local files.
I do not know that. Do you?
> Why not?
Because remote files can be more sensitive than local ones. Because some
environment may download files, turning remote to local.
I do not know, but you can assume that someone knows and is selling that
information to the highest bidder.
We know that playlists can be abused to leak information. Reimar was warning
about it years ago. People implemented them nonetheless, and guess what, it
did cause information leak.
Now, your reaction is among the lines "the burglar left a footprint in front
of that window, let us wall it". I say no, walling is overkill, and walling
only that particular window is useless. We need to properly lock all the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the ffmpeg-devel