[FFmpeg-devel] [PATCH 3/4] avformat/concat: Add concat_enable option that is disable by default
Michael Niedermayer
michael at niedermayer.cc
Wed Mar 16 23:56:31 CET 2016
On Wed, Jan 20, 2016 at 05:06:37PM +0100, Nicolas George wrote:
> Le primidi 1er pluviôse, an CCXXIV, Michael Niedermayer a écrit :
> > From: Michael Niedermayer <michael at niedermayer.cc>
> >
> > This should prevent the unintended use of concat
>
> I am rather against this patch and the corresponding for subfile: these
> protocols are not harmful by themselves, they are dangerous if and only
> another protocol or format allows untrusted sources to provide arbitrary
> URLs. This kind of preemptive blacklisting is bound to fail (new protocols
> are added frequently, and they may be more dangerous than just concat or
> subfile) and only mitigates a few of the possible attacks.
it seems some people disagree about this:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811519
it would be nice to have this resolved, either by disabling concat
by default in releases branches prior to whitelists or this bug report
being closed as invalid or whatever the appropriate state is
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160316/0e6e0535/attachment.sig>
More information about the ffmpeg-devel
mailing list