[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls

[Michael Niedermayer]

Hi

On Sun, Jun 04, 2017 at 12:46:18PM +0200, Nicolas George wrote:
> Le quartidi 14 prairial, an CCXXV, Michael Niedermayer a écrit :
> > > Notice a pattern?
> > yes
> > Security issues are found, i post a fix and people complain,
> 
> No. The pattern is: you rush to produce a bad fix.

thats "ad hominem"

If theres an issue in a change, the center of the discussion should be
the issue so it can be improved.

looking at what you wrote, iam not even sure if you talk
about whitelists, some patch here or something totally different that
you call bad. Its just obvious at who you point not what you talk about
or what you see bad in it.

and that person (being me) is heavily constrained by the wishes of
the rest of the team.

also security issues need to be fixed quickly, the quick fix to
stop an issue and the solution we work toward in the long term
can be very different and a quick fix in the most general sense is
likely quite shit compared to a long term solution.

Still we own our users fixing sec issues quickly, its us who wrote
the vulnerable mess in the first place. We should not let them wait
until we design and implement the perfect long term solution.


> 
> > If you knew a year and a half ago about a security issue and about a
> > great solution to it.
> > How far is it from completion ?
> > does this cover the hls vulnerability we discussed in
> > the last 2 days and Can you post a patch ?
> 
> I said that WE needed to look for a solution. We, collective.
> 
> I, individual, do not have a solution, I only know that one exists
> (Perl, Windows, web browsers all have a similar mechanism) and that
> "fixing" the individual issues rather than designing a global solution
> is a waste of time.

Iam happy to help and work together with you to design and implement
this. Iam not sure what you have in mind though exactly and iam not
sure if its able to fix this.

Can you please explain what you have in mind ?


> 
> > But the real question still is, how do people prefer us to deal with
> > this security issue here?
> 
> This one ? Ignore it but take the opportunity to start designingⁿ: a
> proper solution would fix it anyway.
> 
> If you do anything else, I will not object to you pushing, but only if
> you add "--author=Sysiphus" to your git commit command.

You dont need to convince me that the extension check or changes
within just hls are not a complete solution. Iam quite well aware
of this. This is intended to stop an existing exploit and variants of
it in practice and do so quickly.

A complete solution will also likely add some inconvenience that
some developers object to. I feel that the security outweighs the
inconvenience but others object to it.

Its not the first issue with hls and it likely wont be the last, I
think --author=Sysiphus is quite fitting in fact. Also its really
a change guided by peoples objections ...

Thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"I am not trying to be anyone's saviour, I'm trying to think about the
 future and not be sad" - Elon Musk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170605/f4d8bd76/attachment.sig>