From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id E5F26446FE for ; Mon, 26 Dec 2022 11:24:32 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 844F068B9EC; Mon, 26 Dec 2022 13:24:29 +0200 (EET) Received: from nef.ens.fr (nef2.ens.fr [129.199.96.40]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8B3CA680B98 for ; Mon, 26 Dec 2022 13:24:22 +0200 (EET) X-ENS-nef-client: 129.199.129.80 ( name = phare.normalesup.org ) Received: from phare.normalesup.org (phare.normalesup.org [129.199.129.80]) by nef.ens.fr (8.14.4/1.01.28121999) with ESMTP id 2BQBOLeJ001268 for ; Mon, 26 Dec 2022 12:24:21 +0100 Received: by phare.normalesup.org (Postfix, from userid 1001) id A2E82EB5B7; Mon, 26 Dec 2022 12:24:21 +0100 (CET) Date: Mon, 26 Dec 2022 12:24:21 +0100 From: Nicolas George To: FFmpeg development discussions and patches Message-ID: References: <4e55583552e6075a98529e687aa734ae3a37d434.camel@haerdin.se> <0827356649c2377a415062619630c39f4da85bfb.camel@haerdin.se> <22bb1fc7df0f82b34ebc4bec622c2c84f23d9571.camel@haerdin.se> MIME-Version: 1.0 In-Reply-To: <22bb1fc7df0f82b34ebc4bec622c2c84f23d9571.camel@haerdin.se> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (nef.ens.fr [129.199.96.32]); Mon, 26 Dec 2022 12:24:21 +0100 (CET) Subject: Re: [FFmpeg-devel] Would a crypto file be acceptable? X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============3613120687763210078==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============3613120687763210078== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Ku2NLdNgYiK1hxCq" Content-Disposition: inline --Ku2NLdNgYiK1hxCq Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Tomas H=E4rdin (12022-12-26): > Right. And trying to smuggle in command line options via a file feels > made for exploitation.. This is why my proposal years ago was rejected by Reimar. And this is why concat requires -safe to accept options. To be fair, limiting the case to cryptographic keys would probably not be exploitable, but it is a half measure, too specific to a particular use case. --=20 Nicolas George --Ku2NLdNgYiK1hxCq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE6ooRQGBoNzw0KnwPcZVLI8pNxgwFAmOphGMACgkQcZVLI8pN xgw8FA//ZrAP/ATNjTg2GGCTrNPXbOsh8EPGoWwyYWB+YWD8GUYceSf1cAKW7kQG MaPJM/epPDc5cdn/djkL/2g0YvSak/4nOpWP/FY9c+HeQr81AVZUCHWDLlauUxKz /oaXAcbe9zqxGe6Ro23TOVuhfGE9E2br/iyKxS6NOXSD44qKr38YwOutLnTq34Vc FUOjHsgGqyvIJjO9zNwYan8jK72ZsDqRLqzp/PXZoBVSWxc3DGAksmU/aR0ULWCg z4NrAT7hMvz37hTjFYFiHo6VPQDUFSN92XYeMsG7NDi3mBVnBkKgucpN1eahKGr9 9y7/3zRwX+Dh5jpcB+61Xt53p1AfAUxXb/F0ct957TqBV+CU6eg4U4bcmrw9qiRQ 3BqyQG6iDXpN7xZMle7HbJp3Mr0AnxCgUC4ucHSSU2usrT/IAQRhl+lJTbIRWZ0l OV+2Md9npYZU/OdELDCi+CGWre2pNMe6ld2kiDNM7b8wIPItTajYlpwg7BsRwDZe E+E+H+Nh/q+bbxct55NRFntMM+YtVS2A89kYzjEYfKxLELHvNSDi+4/pJiGHd//r /d+MNRVMU507vuZ/aNRfXr7/oR35vHpfcZeViDg1z5hLd/agT1emDmHLIU4fWv7P oQE+PERRda9Zr72DJaoel31BGUVtWbodsZLRk3wQHrMhNxMsiDU= =toC1 -----END PGP SIGNATURE----- --Ku2NLdNgYiK1hxCq-- --===============3613120687763210078== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============3613120687763210078==--