[MPlayer-dev-eng] [PATCH] demux_lavf: add urlprefix suboption.

Nicolas George nicolas.george at normalesup.org
Tue Apr 30 00:01:54 CEST 2013


On Décadi 10 Floréal, year CCXXI, Reimar Döffinger wrote:
> Yes there is an adverse effect, that it allows access to files that
> should not be accessed.
> Whether this is /dev/cdrom or /dev/modem or similar stuff.
> FFmpeg doesn't care but I still consider FFmpeg's linked file
> support quite a security risk and the main reason why the mp: prefix
> is still there even though the protocol is gone.
> There is not any API to filter allowed file names for example either in
> FFmpeg.

I understand your concern, and share it to a certain extent, but
unfortunately it does not work. The "mp:" will block lavf from accessing
chained files when the path is relative, but it will have no effect for
absolute paths. For example, consider the following file:

#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:1
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:1,
/dev/urandom
#EXT-X-ENDLIST

Running mplayer on it will open /dev/urandom (which it does not normally).
Worse files would get opened just as well.

On the other hand, it prevents the concat format from working, even though I
made sure it cannot be used to open arbitrary files (but if you think I
botched it, please let me know).

Regards,

-- 
  Nicolas George
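
The kind of file-name filter the quoted message says FFmpeg lacks, as an added example (not part of the original message, and not MPlayer or FFmpeg code): it accepts only playlist entries that stay relative to the playlist's directory, so the absolute path in the playlist above is rejected. The function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an FFmpeg or MPlayer API: returns 1 only for a
 * plain relative path with no ".." component (lexical check only). */
static int entry_is_confined(const char *e)
{
    if (!*e || *e == '/' || *e == '\\')
        return 0;                      /* empty or absolute path */
    for (const char *p = e; *p && *p != '/'; p++)
        if (*p == ':')
            return 0;                  /* scheme or drive prefix */
    for (const char *p = e; *p; ) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;                  /* parent-directory component */
        p += n + (p[n] == '/');
    }
    return 1;
}

/* Count playlist entries that fail the check; '#' lines are tags, skipped. */
static int count_unconfined_entries(const char *playlist)
{
    char buf[1024];
    int bad = 0;
    while (*playlist) {
        size_t len = strcspn(playlist, "\r\n");
        if (len >= sizeof(buf)) {
            bad++;                     /* over-long line: treat as unsafe */
        } else if (len > 0 && playlist[0] != '#') {
            memcpy(buf, playlist, len);
            buf[len] = '\0';
            bad += !entry_is_confined(buf);
        }
        playlist += len + strspn(playlist + len, "\r\n");
    }
    return bad;
}

static const char sample_playlist[] =  /* constructed from the playlist above */
    "#EXTM3U\n#EXT-X-VERSION:3\n#EXT-X-TARGETDURATION:1\n"
    "#EXT-X-MEDIA-SEQUENCE:0\n#EXTINF:1,\n/dev/urandom\n#EXT-X-ENDLIST\n";

int main(void)
{
    printf("unconfined entries: %d\n", count_unconfined_entries(sample_playlist));
    return 0;
}
```

The check does not resolve symlinks, so a caller that needs containment against a hostile directory tree would also have to compare resolved paths.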