On Tue, May 09, 2023 at 09:35:09AM +0200, Tobias Rapp wrote:
> On 09/05/2023 08:19, Anton Khirnov wrote:
>
> > Quoting Michael Niedermayer (2023-05-09 00:35:08)
> > > On Mon, May 08, 2023 at 04:05:40PM +0200, Tobias Rapp wrote:
> > > > [...]
> > > > DASH is usually transferred over HTTP where file extensions are of minor
> > > > interest, the relevant type information is in the Mime-Type header.
> > > would anyone be opposed to return 0 from dash_probe() when
> > > both the mime_type and the extension are wrong ?
> > I would.
> >
> > probe() is for probing, not implementing security policies. IMO trying
> > to fix security issues at the wrong layer will only lead to more
> > confusion, more complexity, and LESS security.
>
> I agree that probing should be unrelated to the actual format selection
> policy.
>
> > > example: a crafted image.jpeg uploaded somewhere is played as dash.
> > > or am i missing something that would stop that ?
> The player application could exclude the dash format (and other playlist
> formats) from the format_whitelist I guess?

That would push the problem down to every application, which is really not a
very good solution.
It's even worse because every player then needs to also know which format is a
playlist format, including all future ones, and then also if the user minds
them being disabled completely.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"You are 36 times more likely to die in a bathtub than at the hands of a
terrorist. Also, you are 2.5 times more likely to become a president and
2 times more likely to become an astronaut, than to die in a terrorist
attack." -- Thoughty2