From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 4B0D445CEA for ; Wed, 3 May 2023 19:08:52 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 34B7268C078; Wed, 3 May 2023 22:08:50 +0300 (EEST) Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net [217.70.183.198]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 03BD668838B for ; Wed, 3 May 2023 22:08:43 +0300 (EEST) Received: (Authenticated sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id 6ABCEC0006 for ; Wed, 3 May 2023 19:08:43 +0000 (UTC) Date: Wed, 3 May 2023 21:08:42 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20230503190842.GF1391451@pb2> References: <20230502193631.10844-1-michael@niedermayer.cc> <20230502201627.GA1391451@pb2> <20230503104941.GC1391451@pb2> MIME-Version: 1.0 In-Reply-To: Subject: Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============1038694087347852045==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============1038694087347852045== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="lIrNkN/7tmsD/ALM" Content-Disposition: inline --lIrNkN/7tmsD/ALM Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 03, 2023 at 02:24:34PM +0200, Hendrik Leppkes wrote: > On Wed, May 3, 2023 at 12:49=E2=80=AFPM Michael Niedermayer > wrote: > > > > On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote: > > > On Tue, May 2, 2023 at 10:57=E2=80=AFPM James Almer wrote: > > > > > > > > > > added > > > > > +{"same_none" , "same origin check off" , = 0 , AV_OPT_TYPE_CONST, { .i64 =3D AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MA= X, D|E, "same_origin"}, > > > > > > > > "none" sounds more natural. > > > > > > > > > > > > > > > > > > >> And do we want check_path to be default? It's a change > > > > >> in behavior. > > > > > > > > > > is it usefull if its not enabled by default ? > > > > > > > > It is, since it can be enabled, like the whitelists and blacklists,= but > > > > the question is if it's preferable to have it enabled. If you consi= der > > > > it so, then it's good and i wont oppose it. > > > > > > > > > > Is there any estimation how many legitimate streams would be broken by > > > these options? > > > If any major streams don't work with this, then its not a good option, > > > and eg. library users will likely just turn it off or to a lower > > > setting, as proper streams just have to work - and log output is > > > pretty much useless for API usage cases. > > > > > > A quick check for example shows that even something as simple as the > > > HLS BBC Radio streams will fail _all_ checks, since the playlists are > > > hosted on another host entirely as the media, thanks to akamai live > > > streaming. > > > Playlist here, as an example: > > > http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/hls/no= nuk/sbr_low/ak/bbc_radio_one.m3u8 > > > > yes, thats why it says RFC in the subject, i had expected that a bit al= ready > > > > still OTOH, blocking these by default is the safer option, i mean if a = user > > does a > > ./ffplay http://trustedfoobar.org/cutevideo.avi > > > > would she expect that video to access http://127.0.0.1/ and later http:= //evilhost/localwebscan-success > > I think this should not be possible by default settings, its unexpected > > >=20 > Coming from the other side -- If the user needs to set the flag for > nearly all streams, then they are not going to check in the future and > just set it, defeating the purpose of them. At which point we might as > well not burden them. Yes, we need a system that is secure and works in most cases. [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Old school: Use the lowest level language in which you can solve the problem conveniently. New school: Use the highest level language in which the latest supercomputer can solve the problem without the user falling asleep waiting. --lIrNkN/7tmsD/ALM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZFKxOgAKCRBhHseHBAsP q5N1AJ9/sYZED8pp9Tw205p5DpXEmWB2jACgmbqtnyb9vA/wO3iWZcHhFkcoeQE= =cfUy -----END PGP SIGNATURE----- --lIrNkN/7tmsD/ALM-- --===============1038694087347852045== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============1038694087347852045==--