[FFmpeg-cvslog] Move av_tempfile() into libavutil, it is a generically usefull thing and its small.

compn tempn at twmi.rr.com
Sun Oct 16 23:12:13 CEST 2011


On Sun, 16 Oct 2011 22:51:06 +0200, Reimar Döffinger wrote:
>
>
>On 16 Oct 2011, at 22:40, Michael Niedermayer <michaelni at gmx.at> wrote:
>
>> On Sun, Oct 16, 2011 at 10:28:33PM +0200, Reimar Döffinger wrote:
>>> On 16 Oct 2011, at 22:16, Michael Niedermayer <michaelni at gmx.at> wrote:
>>>> On Sun, Oct 16, 2011 at 09:42:12PM +0200, Reimar Döffinger wrote:
>>>>> On Sun, Oct 16, 2011 at 09:35:26PM +0200, Michael Niedermayer wrote:
>>>>>> On Sun, Oct 16, 2011 at 09:22:11PM +0200, Reimar Döffinger wrote:
>>>>>>> On Sun, Oct 16, 2011 at 05:21:22PM +0200, Michael Niedermayer wrote:
>>>>>>>> -    fd = open(*filename, O_RDWR | O_BINARY | O_CREAT, 0444);
>>>>>>> 
>>>>>>> Adding O_EXCL should increase security here.
>>>>>>> Seems supported at least on Linux and Windows.
>>>>>>> Might fail compilation on some systems though.
>>>>>> 
>>>>>> fixed locally
>>>>> 
>>>>> Oh, and did you fix the 0444 mode? That seems both like
>>>>> a bad idea and mismatches mkstemp behaviour.
>>>> 
>>>> fixed locally, anything else that needs fixing?
>>> 
>>> Nothing beyond me still having a really bad feeling about this code for now at least.
>> 
>> if you prefer we can move it back to libavcodec and require a flag
>> for the cache protocol somehow
>
>I'd appreciate if you could think about the latter at least, I don't know if a cache-URL-redirect within cache-URL could be used for an inode count DOS, and for people like me with only a small in-memory /tmp just the cache itself would lend itself for DOSing /tmp - not sure about the consequences of that though.
>As long as TMPDIR/TEMPDIR is not supported I'd warn about that and/generally recommend against using it in any more places at least.

would you rather only enable this code if ffmpeg -tempdir is set and
-cache is specified? that way its not on by default (like mplayer
-playlist ).

-compn


More information about the ffmpeg-cvslog mailing list