From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id F324545CB0
	for <ffmpegdev@gitmailbox.com>; Wed,  3 May 2023 10:49:51 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 90EFA68C084;
	Wed,  3 May 2023 13:49:48 +0300 (EEST)
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7BF6068BEFC
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 13:49:42 +0300 (EEST)
Received: (Authenticated sender: michael@niedermayer.cc)
 by mail.gandi.net (Postfix) with ESMTPSA id D04ED24000E
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 10:49:41 +0000 (UTC)
Date: Wed, 3 May 2023 12:49:41 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20230503104941.GC1391451@pb2>
References: <20230502193631.10844-1-michael@niedermayer.cc>
 <f1acf68c-7c4f-a60c-9efc-83782ef4d4b6@gmail.com>
 <20230502201627.GA1391451@pb2>
 <b12f9d44-e819-3da3-fd5e-cbee012308f4@gmail.com>
 <CA+anqdynX+CJsU0HUM2eBvesd9=yibG7DnTTSyJzApEKboBHpw@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CA+anqdynX+CJsU0HUM2eBvesd9=yibG7DnTTSyJzApEKboBHpw@mail.gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin
 check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============3898423299291735676=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20230503104941.GC1391451@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============3898423299291735676==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="zCKi3GIZzVBPywwA"
Content-Disposition: inline


--zCKi3GIZzVBPywwA
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote:
> On Tue, May 2, 2023 at 10:57=E2=80=AFPM James Almer <jamrial@gmail.com> w=
rote:
> > >
> > > added
> > > +{"same_none"  , "same origin check off"                       , 0 , =
AV_OPT_TYPE_CONST, { .i64 =3D AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MAX, D=
|E, "same_origin"},
> >
> > "none" sounds more natural.
> >
> > >
> > >
> > >> And do we want check_path to be default? It's a change
> > >> in behavior.
> > >
> > > is it usefull if its not enabled by default ?
> >
> > It is, since it can be enabled, like the whitelists and blacklists, but
> > the question is if it's preferable to have it enabled. If you consider
> > it so, then it's good and i wont oppose it.
> >
>=20
> Is there any estimation how many legitimate streams would be broken by
> these options?
> If any major streams don't work with this, then its not a good option,
> and eg. library users will likely just turn it off or to a lower
> setting, as proper streams just have to work - and log output is
> pretty much useless for API usage cases.
>=20
> A quick check for example shows that even something as simple as the
> HLS BBC Radio streams will fail _all_ checks, since the playlists are
> hosted on another host entirely as the media, thanks to akamai live
> streaming.
> Playlist here, as an example:
> http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/hls/nonuk/=
sbr_low/ak/bbc_radio_one.m3u8

yes, thats why it says RFC in the subject, i had expected that a bit already

still OTOH, blocking these by default is the safer option, i mean if a user
does a
=2E/ffplay http://trustedfoobar.org/cutevideo.avi

would she expect that video to access http://127.0.0.1/ and later http://ev=
ilhost/localwebscan-success
I think this should not be possible by default settings, its unexpected

maybe a whitelist of hosts or urls. Something the user could add
*.akamaized.net
to may be an option

Thx

[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt compla=
in"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"

--zCKi3GIZzVBPywwA
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZFI8QAAKCRBhHseHBAsP
q09iAJ9VOo2oY94YtAyg+MsbFK7rTTjl2gCeN9VFpYJl0eWea836jOYZZ8P6IEo=
=pfnh
-----END PGP SIGNATURE-----

--zCKi3GIZzVBPywwA--

--===============3898423299291735676==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============3898423299291735676==--