From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sat, 5 Mar 2022 20:16:42 +0100
Subject: Re: [FFmpeg-devel] [PATCH 2/2] lavu/tests/opts: add tests for filepath options
Message-ID: <20220305191642.GG2829255@pb2>
In-Reply-To: <20220304150307.61769-2-ffmpeg@haasn.xyz>
References: <20220304150307.61769-1-ffmpeg@haasn.xyz> <20220304150307.61769-2-ffmpeg@haasn.xyz>

On Fri, Mar 04, 2022 at 04:03:07PM +0100, Niklas Haas wrote:
> From: Niklas Haas
>
> Using the venerable HEADER.txt as a small file to load.
> ---
>  libavutil/tests/opt.c    | 38 +++++++++++++++++++++++++++++++++++++-
>  tests/fate/libavutil.mak |  2 +-
>  tests/ref/fate/opt       |  4 ++++
>  3 files changed, 42 insertions(+), 2 deletions(-)

Please add tests which try to load
id_rsa
~/.ssh/id_rsa
shadow
/etc/shadow
.bash_history
...

The idea here is of course that such attempts fail.

Also document the security implications of this feature in
doc/APIchanges / release notes if there is a security implication.

Adjusting the parameters of most components could previously not read
arbitrary files, so an application could previously pass a string from
an untrusted user to it. If this changes, it needs to be justified and
documented.
If it doesn't change and it's still safe, that should be documented.
If it depends on whitelists and callbacks, that should be actually
implemented in ffmpeg and the relevant examples.

And I do like this feature, if it can be done without security issues.

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The misfortune of the wise is better than the prosperity of the fool.
-- Epicurus
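One way an application could apply the whitelist idea raised in this message before handing an untrusted string to a file-path option, as an added C example that is not code from the patch or from FFmpeg. The names `path_is_allowed()`, `in_sandbox()` and `make_sandbox()`, and the `/tmp/optdemo` directory, are hypothetical and constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not FFmpeg code. Returns 1 only if user_path resolves
 * inside allowed_dir; fails closed when a path cannot be resolved. */
int path_is_allowed(const char *allowed_dir, const char *user_path)
{
    char base[PATH_MAX], full[PATH_MAX];
    size_t n;
    /* realpath() collapses "..", "." and symlinks before the comparison. */
    if (!allowed_dir || !user_path ||
        !realpath(allowed_dir, base) || !realpath(user_path, full))
        return 0;
    n = strlen(base);
    /* Require '/' after the prefix so /srv/media does not match /srv/media2. */
    if (strncmp(full, base, n) != 0) return 0;
    return n == 1 || full[n] == '/';
}

/* Constructed demo directory: one regular file, one escaping symlink. */
static char sandbox[PATH_MAX];
const char *in_sandbox(const char *name)
{
    static char p[PATH_MAX];
    snprintf(p, sizeof p, "%s/%s", sandbox, name);
    return p;
}

int make_sandbox(void)
{
    FILE *f;
    strcpy(sandbox, "/tmp/optdemoXXXXXX");
    if (!mkdtemp(sandbox) || !(f = fopen(in_sandbox("HEADER.txt"), "w")))
        return -1;
    fclose(f);
    return symlink("/etc/passwd", in_sandbox("escape"));
}

int main(void)
{
    if (make_sandbox()) return 1;
    printf("inside:  %d\n", path_is_allowed(sandbox, in_sandbox("HEADER.txt")));
    printf("symlink: %d\n", path_is_allowed(sandbox, in_sandbox("escape")));
    printf("shadow:  %d\n", path_is_allowed(sandbox, "/etc/shadow"));
    return 0;
}
```

The check and the later open are separate steps, so a caller should open the resolved path rather than the original string to narrow the window for a race.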