[FFmpeg-devel] [patch] allow wordexp globs in image2 file sequence import

Michael Niedermayer michaelni
Fri Jan 7 20:09:29 CET 2011


On Fri, Jan 07, 2011 at 11:39:03AM -0500, Brian Olson wrote:
> * possible wide ranging new feature proposal below
> 
> On Jan 6, 2011, at 6:23 PM, Michael Niedermayer wrote:
> 
> > What does your code do if someone has a file named exactly:
> > Super_cute_porn---------$(echo alias su=\'su -c \"rm -rf --no-preserve-root /\"\' >> ~/.bashrc).avi
> > on a webserver
> 
> Huh, I guess web sites where you upload image sequences (my change only applies to image sequences) to a server that runs ffmpeg should be careful about sanitizing their inputs.
> 
> web sites ... should be careful about sanitizing their inputs

not only web sites, also your web browser, like "open link with ffplay" style
thats not possible though because ffplay in this case needs the exact unchanged
remote url
i mean

ffplay http://evilserver.com/Super_cute_porn---------$(echo alias su=\'su -c \"rm -rf --no-preserve-root /\"\' >> ~/.bashrc).avi

to sanitize it outside ffplay you would need to download the file first (big
latency issue) or proxy the connection over localhost or mangle urls through
firewall (quite unpractical)


> 
> Not to trivialize the problem too much, okay, yes, this could be a weird unexpected attack vector.
> To resume trivializing the problem, if someone types in on the command line:
> ffmpeg -i 'foo$(evil command line).jpg'
> I uphold their right to shoot themselves in the foot.

absolutely
the problem is that ff* is used by GUIs and various wrapers and its more then
unclear to me if any of them would be vulnerable to pass funny filenames with
no fault of the user.


> 
> * Possible solution:
> Keep `-i filename` doing flat names and trivial %d patterns.
> Introduce a new option for smarter patterns. '--input-pattern' or something.

just dont do auto probing of this and require the user to forse the format
like img2_ext


> This second way could even hook in system wide, emulating multiple -i arguments, for any input type not just image file sequences.
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-devel
> 

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110107/76d5ada0/attachment.pgp>



More information about the ffmpeg-devel mailing list