Message ID | 20180512163329.18380-1-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
On Sat, May 12, 2018 at 06:33:25PM +0200, Michael Niedermayer wrote: > Iam not sure if this is a good idea or not but it may make some > attacks harder. So throwing this out for discussions ... no comment or other suggestion from anyone, so i will apply this [...]
2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>: > Iam not sure if this is a good idea or not but it may make some > attacks harder. So throwing this out for discussions ... I am definitely not objecting but I doubt that this patch can make any attack harder. The main "advantage" of the patch imo is that it stops FFmpeg from decoding txt files. Carl Eugen
On 9/11/18, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote: > 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>: >> Iam not sure if this is a good idea or not but it may make some >> attacks harder. So throwing this out for discussions ... > > I am definitely not objecting but I doubt that this patch can make > any attack harder. > The main "advantage" of the patch imo is that it stops FFmpeg > from decoding txt files. FFmpeg can still decode txt files, just not automatically.
2018-09-11 23:42 GMT+02:00, Paul B Mahol <onemda@gmail.com>: > On 9/11/18, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote: >> 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>: >>> Iam not sure if this is a good idea or not but it may make some >>> attacks harder. So throwing this out for discussions ... >> >> I am definitely not objecting but I doubt that this patch can make >> any attack harder. >> The main "advantage" of the patch imo is that it stops FFmpeg >> from decoding txt files. > > FFmpeg can still decode txt files, just not automatically. Sorry, I meant "by default". Carl Eugen
On Tue, Sep 11, 2018 at 11:31:23PM +0200, Carl Eugen Hoyos wrote: > 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>: > > Iam not sure if this is a good idea or not but it may make some > > attacks harder. So throwing this out for discussions ... > > I am definitely not objecting but I doubt that this patch can make > any attack harder. files ending with the .txt extension which are not multimedia files contain some other posibly sensitive data. If an attacker can control the input path for ffmpeg and nothing else then being able to read txt files allows leaking the content to the attacker generally. We had bugs that allowed the attacker to control the input path in some cases. So this pre-requesite has evidence for past occurance. We surely can leave txt in the list if people prefer. This is not a clear case of what is better. Its not a true "its buggy and this fixes it" case rather a "this is a steping stone an attacker might find useful in some case of unknown propability" > The main "advantage" of the patch imo is that it stops FFmpeg > from decoding txt files. > > Carl Eugen > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
diff --git a/libavformat/tty.c b/libavformat/tty.c index 8d48f2c45c..8067dd1908 100644 --- a/libavformat/tty.c +++ b/libavformat/tty.c @@ -155,6 +155,6 @@ AVInputFormat ff_tty_demuxer = { .priv_data_size = sizeof(TtyDemuxContext), .read_header = read_header, .read_packet = read_packet, - .extensions = "ans,art,asc,diz,ice,nfo,txt,vt", + .extensions = "ans,art,asc,diz,ice,nfo,vt", .priv_class = &tty_demuxer_class, };
Iam not sure if this is a good idea or not but it may make some attacks harder. So throwing this out for discussions ... Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/tty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)