From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 15DB045CCE
	for <ffmpegdev@gitmailbox.com>; Wed,  3 May 2023 13:34:10 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B852C68BFB3;
	Wed,  3 May 2023 16:34:07 +0300 (EEST)
Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net
 [217.70.183.197])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7BC1568ADD8
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 16:34:01 +0300 (EEST)
Received: (Authenticated sender: michael@niedermayer.cc)
 by mail.gandi.net (Postfix) with ESMTPSA id 9289C1C000E
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 13:34:00 +0000 (UTC)
Date: Wed, 3 May 2023 15:33:59 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20230503133359.GD1391451@pb2>
References: <20230502193631.10844-1-michael@niedermayer.cc>
 <09C1198A-DB0A-43CC-ADCA-23594E0BFEDA@remlab.net>
MIME-Version: 1.0
In-Reply-To: <09C1198A-DB0A-43CC-ADCA-23594E0BFEDA@remlab.net>
Subject: Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin
 check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============5738842298720323967=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20230503133359.GD1391451@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============5738842298720323967==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="ylS2wUBXLOxYXZFQ"
Content-Disposition: inline


--ylS2wUBXLOxYXZFQ
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi

On Wed, May 03, 2023 at 02:16:03PM +0300, R=E9mi Denis-Courmont wrote:
> Nit: different

fixed


>=20
> But is there an actual threat model whence it is necessary or even useful=
 for a media framework to implement origin policies? On top of my head, thi=
s can be used by content providers to prevent third parties from referencin=
g their media files... but that seems user-hostile; it does not provide any=
 security for the user of FFmpeg.
>=20
> I could be wrong, but IMU, origin policy is meant to prevent harmful embe=
dding of images and frames, and to prevent cross-site scripting, but FFmpeg=
 doesn't support either if these anyway, so it's not concerned.

This patch was inspired by a report on ffmpeg-security about SSRF
(for which custom io_open() callback or soem sort of sandboxing/VM can be
 used to avoid it)
 The patch here was intended to explore if we can provide something thats
 better tahn currently by default
=20
But the same issue with roles flipped occurs for the end user and the user =
cannot be expected
to setup a custom io_open() callback for his player
The current code can be also used to poke
around the local network of the user. Which is unexpected by the user
for example a avi file could be probed as a m3u8 playlist and then=20
poke around on the local net while mixing that with remote urls
=66rom the timing of the remote accesses the remote party should be able
to infer what happened with the local poking. Did it timeout? was
the access rejected ? was there a file that was read and probed/played ?

thx

[...]

--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Whats the most studid thing your enemy could do ? Blow himself up
Whats the most studid thing you could do ? Give up your rights and
freedom because your enemy blew himself up.


--ylS2wUBXLOxYXZFQ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZFJiwgAKCRBhHseHBAsP
q3IpAJ4n9z/6bDI5w+CgtE6j5b1y+/fh2gCeOqHK8aRtDx9m81B9TRi9ftfdfqI=
=O7ax
-----END PGP SIGNATURE-----

--ylS2wUBXLOxYXZFQ--

--===============5738842298720323967==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============5738842298720323967==--