[FFmpeg-devel] Fix NTP time in RTCP SR packets

Rich Felker dalias
Mon Feb 18 19:49:49 CET 2008

On Mon, Feb 18, 2008 at 07:16:41PM +0100, Michael Niedermayer wrote:
> Hi
> On Mon, Feb 18, 2008 at 12:56:01PM +0100, Reimar D?ffinger wrote:
> > Hello,
> > On Mon, Feb 18, 2008 at 09:18:42AM +0100, Luca Abeni wrote:
> > > Summing up, an "av_gettime_more_secure() based" solution is ok in a large
> > > number of cases, but not always...
> > > I believe the AVFMT_FLAG_USE_TIME flag can solve the problem, but I do not
> > > know if it is overkilling. What do you think about it?
> > 
> > Maybe it does not matter much in this server case, but in general I
> > think a flag to distinguish between the "I want to keep as many
> > information/features as possible" and "I want to create a file I'd like
> > to publish (almost) anonymously" modes of operation would be desirable.
> The max anonymity is always default, i just think you are overparanoid with
> the time in the case of streaming. Its not as if this would be stored in a
> file ...
> Also iam curious, can you point at a concrete case where knowing the exact
> time of a system would significantly weaken its security?

Regardless, I don't think the lack of an ability to point out an
exploit for information leaks is an excuse for tolerating them. If the
leaks can be avoided, then no one has to worry about whether another
person more clever than themselves might think of a way to take
advantage of the information. I would stick to the policy of never
disclosing any potentially-seen-as-private data from the system
creating the file/stream.


More information about the ffmpeg-devel mailing list