[FFmpeg-cvslog] Move av_tempfile() into libavutil, it is a generically usefull thing and its small.
Michael Niedermayer
michaelni at gmx.at
Sun Oct 16 23:16:04 CEST 2011
On Sun, Oct 16, 2011 at 05:12:13PM -0400, compn wrote:
> On Sun, 16 Oct 2011 22:51:06 +0200, Reimar Döffinger wrote:
> >
> >
> >On 16 Oct 2011, at 22:40, Michael Niedermayer <michaelni at gmx.at> wrote:
> >
> >> On Sun, Oct 16, 2011 at 10:28:33PM +0200, Reimar Döffinger wrote:
> >>> On 16 Oct 2011, at 22:16, Michael Niedermayer <michaelni at gmx.at> wrote:
> >>>> On Sun, Oct 16, 2011 at 09:42:12PM +0200, Reimar Döffinger wrote:
> >>>>> On Sun, Oct 16, 2011 at 09:35:26PM +0200, Michael Niedermayer wrote:
> >>>>>> On Sun, Oct 16, 2011 at 09:22:11PM +0200, Reimar Döffinger wrote:
> >>>>>>> On Sun, Oct 16, 2011 at 05:21:22PM +0200, Michael Niedermayer wrote:
> >>>>>>>> - fd = open(*filename, O_RDWR | O_BINARY | O_CREAT, 0444);
> >>>>>>>
> >>>>>>> Adding O_EXCL should increase security here.
> >>>>>>> Seems supported at least on Linux and Windows.
> >>>>>>> Might fail compilation on some systems though.
> >>>>>>
> >>>>>> fixed locally
> >>>>>
> >>>>> Oh, and did you fix the 0444 mode? That seems both like
> >>>>> a bad idea and mismatches mkstemp behaviour.
> >>>>
> >>>> fixed locally, anything else that needs fixing?
> >>>
> >>> Nothing beyond me still having a really bad feeling about this code for now at least.
> >>
> >> if you prefer we can move it back to libavcodec and require a flag
> >> for the cache protocol somehow
> >
> >I'd appreciate if you could think about the latter at least, I don't know if a cache-URL-redirect within cache-URL could be used for an inode count DOS, and for people like me with only a small in-memory /tmp just the cache itself would lend itself for DOSing /tmp - not sure about the consequences of that though.
> >As long as TMPDIR/TEMPDIR is not supported I'd warn about that and/generally recommend against using it in any more places at least.
>
> would you rather only enable this code if ffmpeg -tempdir is set and
> -cache is specified? that way its not on by default (like mplayer
> -playlist ).
i like the idea of requiring a -tmpdir
a patch would be welcome :)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-cvslog/attachments/20111016/3ee88d5c/attachment.asc>
More information about the ffmpeg-cvslog
mailing list