From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH 0/5] Add IPFS and IPNS protocol support
Date: Wed, 2 Feb 2022 14:48:42 +0100
Message-ID: <20220202134842.GO2829255@pb2> (raw)
In-Reply-To: <42c71b6ad837536b2f5a012a7f2d5819b6437249.camel@acc.umu.se>
[-- Attachment #1.1: Type: text/plain, Size: 2150 bytes --]
On Tue, Feb 01, 2022 at 05:43:24PM +0100, Tomas Härdin wrote:
> tis 2022-02-01 klockan 11:06 +0100 skrev Michael Niedermayer:
> > On Mon, Jan 31, 2022 at 09:22:52PM +0100, Tomas Härdin wrote:
> > [...]
> > > It strikes me that this borders on incorporating business logic
> > > within
> > > lavf. A user could achieve the same thing with a small shell
> > > script.
> > > For example adding an alias that inspects calls to ffmpeg and sed:s
> > > ipfs:// URLs accordingly
> >
> > That sounds like a security nightmare
>
> Parsing shit in C is a far bigger nightmare I can assure you. The
> command line can leverage sed and the regex in the URL RFC.
the problem is if you parse it on the command line and change it
before passing it to ffmpeg. You really need to have ffmpeg and
the command line parse it 100% exactly the same. If theres a
difference you can introduce security issues. because things in the
commend line that are not intended to be changed by an attacker
could become changeable by parser differences, this involves also
issues with artgument seperators being parsed or not parsed as urls
for example a filter argument could be a URL or it could be a generic
string the command line wraper would have to know this difference.
metadata and drawtext will behave interresting if they display
ipfs: and keep in mind on top here the : is a argument seperator
for filters so a real url ipfs link as filter argument would have the :
escaped in some way. The command line tool would need to fully
handle all escaping and unescping we use in every argument and it would
need to have a list of what holds an url and what doesnt.
Noone will implement this in a 100% correct form with sed and regex
anyone trying will long before run naked through the streets and flap
her/his hands as if (s)he is a chicken
feel free to proof me wrong of course
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to afford
settlements. -- The RIAA
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2022-02-02 13:48 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-31 13:51 Mark Gaiser
2022-01-31 13:51 ` [FFmpeg-devel] [PATCH 1/5] Early version of IPFS " Mark Gaiser
2022-01-31 15:59 ` Michael Niedermayer
2022-01-31 16:06 ` James Almer
2022-01-31 16:34 ` Mark Gaiser
2022-01-31 20:26 ` Lynne
2022-01-31 22:04 ` Mark Gaiser
2022-01-31 13:51 ` [FFmpeg-devel] [PATCH 2/5] Fix up IPNS support Mark Gaiser
2022-01-31 16:00 ` Michael Niedermayer
2022-01-31 13:51 ` [FFmpeg-devel] [PATCH 3/5] Merge IPNS and IPFS handling Mark Gaiser
2022-01-31 13:51 ` [FFmpeg-devel] [PATCH 4/5] Implement logic to determine the IPFS gateway Mark Gaiser
2022-01-31 13:51 ` [FFmpeg-devel] [PATCH 5/5] Fix review feedback Mark Gaiser
2022-01-31 15:46 ` Michael Niedermayer
2022-01-31 16:33 ` Mark Gaiser
2022-01-31 15:52 ` [FFmpeg-devel] [PATCH 0/5] Add IPFS and IPNS protocol support Tomas Härdin
2022-01-31 16:31 ` Mark Gaiser
2022-01-31 20:22 ` Tomas Härdin
2022-01-31 22:00 ` Mark Gaiser
2022-02-01 16:39 ` Tomas Härdin
2022-02-01 21:18 ` Mark Gaiser
2022-02-02 12:51 ` Tomas Härdin
2022-02-02 13:32 ` Mark Gaiser
2022-02-01 10:06 ` Michael Niedermayer
2022-02-01 16:43 ` Tomas Härdin
2022-02-02 13:48 ` Michael Niedermayer [this message]
2022-02-04 10:28 ` Tomas Härdin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220202134842.GO2829255@pb2 \
--to=michael@niedermayer.cc \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git