From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id A1BE340A08
	for <ffmpegdev@gitmailbox.com>; Wed,  2 Feb 2022 13:48:54 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C42DB688382;
	Wed,  2 Feb 2022 15:48:51 +0200 (EET)
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net
 [217.70.183.200])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B030068AEC7
 for <ffmpeg-devel@ffmpeg.org>; Wed,  2 Feb 2022 15:48:44 +0200 (EET)
Received: from localhost (213-47-68-29.cable.dynamic.surfer.at [213.47.68.29])
 (Authenticated sender: michael@niedermayer.cc)
 by mail.gandi.net (Postfix) with ESMTPSA id C37392000E
 for <ffmpeg-devel@ffmpeg.org>; Wed,  2 Feb 2022 13:48:43 +0000 (UTC)
Date: Wed, 2 Feb 2022 14:48:42 +0100
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20220202134842.GO2829255@pb2>
References: <20220131135116.14035-1-markg85@gmail.com>
 <658ed8dfeb4a2ebacfc2989dfb4e139131b1242d.camel@acc.umu.se>
 <CAPd6JnG0znVaOxm5Q0cU-aYBwHVZA0qa+NJ1U867wu8K1U8Pew@mail.gmail.com>
 <af3c20a01f52f6c0ef3fc90958cc655980533884.camel@acc.umu.se>
 <20220201100657.GL2829255@pb2>
 <42c71b6ad837536b2f5a012a7f2d5819b6437249.camel@acc.umu.se>
MIME-Version: 1.0
In-Reply-To: <42c71b6ad837536b2f5a012a7f2d5819b6437249.camel@acc.umu.se>
Subject: Re: [FFmpeg-devel] [PATCH 0/5] Add IPFS and IPNS protocol support
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============1509464885178609470=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20220202134842.GO2829255@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============1509464885178609470==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="4AVp4Az+0VhaKHel"
Content-Disposition: inline


--4AVp4Az+0VhaKHel
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 01, 2022 at 05:43:24PM +0100, Tomas H=E4rdin wrote:
> tis 2022-02-01 klockan 11:06 +0100 skrev Michael Niedermayer:
> > On Mon, Jan 31, 2022 at 09:22:52PM +0100, Tomas H=E4rdin wrote:
> > [...]
> > > It strikes me that this borders on incorporating business logic
> > > within
> > > lavf. A user could achieve the same thing with a small shell
> > > script.
> > > For example adding an alias that inspects calls to ffmpeg and sed:s
> > > ipfs:// URLs accordingly
> >=20
> > That sounds like a security nightmare
>=20
> Parsing shit in C is a far bigger nightmare I can assure you. The
> command line can leverage sed and the regex in the URL RFC.

the problem is if you parse it on the command line and change it
before passing it to ffmpeg. You really need to have ffmpeg and
the command line parse it 100% exactly the same. If theres a
difference you can introduce security issues. because things in the
commend line that are not intended to be changed by an attacker
could become changeable by parser differences, this involves also
issues with artgument seperators being parsed or not parsed as urls

for example a filter argument could be a URL or it could be a generic
string the command line wraper would have to know this difference.
metadata and drawtext will behave interresting if they display
ipfs: and keep in mind on top here the : is a argument seperator
for filters so a real url ipfs link as filter argument would have the :
escaped in some way. The command line tool would need to fully
handle all escaping and unescping we use in every argument and it would
need to have a list of what holds an url and what doesnt.
Noone will implement this in a 100% correct form with sed and regex
anyone trying will long before run naked through the streets and flap
her/his hands as if (s)he is a chicken
feel free to proof me wrong of course=20

thx

[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to afford
settlements. -- The RIAA

--4AVp4Az+0VhaKHel
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCYfqLtwAKCRBhHseHBAsP
q/nIAKCOcrnpf4VfuLi8cgkrhY4m1vF0bQCdHM28oCXCj2zpdARvNy1hHkw32rU=
=XPxF
-----END PGP SIGNATURE-----

--4AVp4Az+0VhaKHel--

--===============1509464885178609470==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============1509464885178609470==--