[FFmpeg-devel] [PATCH] lavf/img2dec: change the default pattern to none

Michael Niedermayer michael at niedermayer.cc
Sun Jan 17 21:23:38 CET 2016


On Sun, Jan 17, 2016 at 08:28:32PM +0100, Marton Balint wrote:
> 
> On Sun, 17 Jan 2016, Carl Eugen Hoyos wrote:
> >Marton Balint <cus <at> passwd.hu> writes:
> >
> >>The current default pattern type, glob_sequence is deprecated
> >>for almost 3.5 years,
> >
> >Sorry if I misunderstand: When was it deprecated?
> >
> 
> In commit 3a06ea84 at 2012-08-06 by Stefano.
> 
> >>before removing it, we need a new, sensible pattern default. I
> >>suggest "none" which turns off pattern matching, because using
> >>the filename as a pattern can be a security risk exposing other
> >>files in the source directory,
> >
> >Is the current default a security risk or would another default
> >be?
> 
> The current pattern matching is a risk, any pattern matching by
> default can be a risk, that is why I proposed "none".
> 

> Think about a web application putting user uploaded content to a
> directory, then the web application transcodes it with ffmpeg. If a
> malicous user uploads a file with a crafted name which is
> interpreted as a pattern, then the output of the transcoding can
> contain some or all of the existing files in the source folder
> leaking other user's data.

imagine the user would just supply files that had names matching
files already there in that directory
They would get overwritten before FFmpeg even starts

or if you imply that would be checked for, users then would not
be able to uplode their file.avi because someone else already did

I think this hypothetical web application has deeper problems or
at least is poorly specified what it really does ...

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160117/5da8e8e8/attachment.sig>


More information about the ffmpeg-devel mailing list