From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 6B71F4C126 for ; Wed, 5 Feb 2025 18:41:51 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 25D4268B8A5; Wed, 5 Feb 2025 20:41:48 +0200 (EET) Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5123D689DB3 for ; Wed, 5 Feb 2025 20:41:41 +0200 (EET) Received: by mail.gandi.net (Postfix) with ESMTPSA id 81A2C441DB for ; Wed, 5 Feb 2025 18:41:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1738780900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tFboxBj116MWyhfp0Kjak0WJbB3feH/Cq0NCzddyIWM=; b=Y5ZFLf9yUrlG+V5mSsso0hK0/C1ZG5rT2eBZsXhBURF+HK/Upc2Qv/Av0PTvoONUZ9MPe0 WjqmbmBM0gN2pFqkuVQzgVze4++nmJ8zcRA84dD6yy3xU/oKEpkeshhDf70D1HL3T5D8Ya dT3oC99LgesogFhWCovi7T0INGgs2IIIxrB8ru6vF+PSs2pp4R35lsVk+iuGsVl4vX9Y8f i1V0XbIi4fBF1uC2+5iBQ7DUqA/UHgLnA9+jhNV9dbMEzXaGNUlqgUAWXLCgH/dHxINMIH X/QzI/fYdpv79NbdrMQFKbIGbA4N1AXgE7Oe7iVh2j2i7nqwBA5XhFCNWV6bTA== Date: Wed, 5 Feb 2025 19:41:39 +0100 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20250205184139.GD4991@pb2> References: <20250128142421.337241-1-michael@niedermayer.cc> <20250128142421.337241-2-michael@niedermayer.cc> <20250128214418.GY4991@pb2> MIME-Version: 1.0 In-Reply-To: X-GND-State: clean X-GND-Score: -70 X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvgedvudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfitefpfffkpdcuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnegfrhhlucfvnfffucdlfedtmdenucfjughrpeffhffvuffkfhggtggujgesghdtreertddtjeenucfhrhhomhepofhitghhrggvlhcupfhivgguvghrmhgrhigvrhcuoehmihgthhgrvghlsehnihgvuggvrhhmrgihvghrrdgttgeqnecuggftrfgrthhtvghrnhepleekgefgffeiudefjeeuffejudehtddtudeltdehveevvedtieeulefhtdeutdeknecukfhppeeguddrieeirdeijedruddufeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeeguddrieeirdeijedruddufedphhgvlhhopehlohgtrghlhhhoshhtpdhmrghilhhfrhhomhepmhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtpdhnsggprhgtphhtthhopedupdhrtghpthhtohepfhhfmhhpvghgqdguvghvvghlsehffhhmphgvghdrohhrgh X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [PATCH 2/2] avformat/hls: .ts is always ok even if its a mov/mp4 X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============1919298324441751739==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============1919298324441751739== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nqM7RmCsv/xtHyrj" Content-Disposition: inline --nqM7RmCsv/xtHyrj Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Kacper On Tue, Feb 04, 2025 at 12:45:14PM +0100, Kacper Michajlow wrote: [...] > security benefits. I get it. Someone needed to hit their KPI by > submitting CVEs, and they found a marginally applicable case of a > highly unrealistic attack scenario. I think you mis judge the (un)realism of this attack prior to the patches, i can give you a m3u8 file and it will store any local file in the output video This is not even just a matter of video streaming services, With a bit of social engeneering you can likely get people to do that. "Hey i found this odd file that encodes to different gibberish on each machien, iam an artist, doing an art project, can you just quickly reencode this and send me the mkv it generates ?" Who would think that above will effectively give the attacker full access to your machiene. unless you run this in a sandbox that has no access to sensitve files >=20 > But FFmpeg should be cautious about adopting questionable security > measures, such as: >=20 > > DASH playlists should restrict URIs to data:// and file:// unless other= wise specified with protocol_whitelist. >=20 > I mean, cool, but isn't DASH a Dynamic Adaptive Streaming over HTTP? >=20 > In summary, I believe the ability of FFmpeg to open or parse certain > formats is highly dependent on the deployment environment. If you > provide a service that allows foreign playlists to be opened on your > server, it is your responsibility to restrict access appropriately, > whether through sandboxing, firewalls, or by disabling unnecessary > demuxers and features in your FFmpeg binaries to minimize the attack > surface. There's even a useful configuration option to disable > networking if that suits your needs. For example, I fully expect my > libavformat to open DASH streams using the HTTP protocol, and I don=E2=80= =99t > consider that a CVE issue simply because it has that capability. A local file by default should not open a network connection. (otherwise one can count who, when and where a file is played) The user can set the protocol_whitelist if she wants local files to open network connections if a m3u8 / dash / whatever file is remote on http then said file is not local and can open other remote files but cannot open local files by default again the user can override that as she prefers This is just a basic "same origin" policy thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Democracy is the form of government in which you can choose your dictator --nqM7RmCsv/xtHyrj Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZ6Ow4AAKCRBhHseHBAsP q6vTAJwOxFkmF7UoShp2Y37YENkWqGj7vgCfewaOZUhX1V3fNPsB7yNW1Dt1yZg= =AOe6 -----END PGP SIGNATURE----- --nqM7RmCsv/xtHyrj-- --===============1919298324441751739== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============1919298324441751739==--