[FFmpeg-user] ffmpeg for a joomla video website

Reindl Harald h.reindl at thelounge.net
Mon Jul 21 22:02:44 CEST 2014



On 21.07.2014 21:27, Reindl Harald wrote:
> On 21.07.2014 21:20, Nicolas George wrote:
>> On tridi 3 thermidor, year CCXXII, Tom Evans wrote:
>>> Shell'ing to run ffprobe gets you the same data; using software with
>>> known exploits is much more insecure than making sure you correctly
>>> escape filenames.
>>
>> And it is even better to make sure not to _need_ to escape filenames
> 
> that was not the question
> 
> the question is between using known insecure software
> where *every* input file could lead to code execution
> or escape filenames
> 
> using *knowingly insecure* software in environments
> where users can submit input files is just stupid
> 
> you have two choices:
> 
> * update and find a solution for your needs
> * don't offer a specific service if you can't do it securely

and if it comes to ffmpeg and "my users need instant feedback" you
can always set up your own Apache instance allowing shell-execute which
provides a restricted webservice running only on 127.0.0.1 and
called by the public website - this has its own "php.ini"

that way you can configure sane "disable_functions" blocking any
shell code and so secure Joomla or whatever is running on the
public webserver

I did that years ago for a very large project where instant
images of incoming video streams were needed on a public website

for any public webserver, open_basedir unconditionally plus the
blacklist below is the way to go, with no known-vulnerable
software installed

disable_functions = "apache_child_terminate, chown, dl, exec, fileinode, get_current_user, getmypid, getmyuid,
getrusage, highlight_file, link, mail, openlog, passthru, pclose, pcntl_alarm, pcntl_errno, pcntl_exec, pcntl_fork,
pcntl_get_last_error, pcntl_getpriority, pcntl_setpriority, pcntl_signal_dispatch, pcntl_signal, pcntl_sigprocmask,
pcntl_sigtimedwait, pcntl_sigwaitinfo, pcntl_strerror, pcntl_wait, pcntl_waitpid, pcntl_wexitstatus,
pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, pfsockopen, popen,
posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, proc_close, proc_get_status, proc_nice,
proc_open, proc_terminate, shell_exec, show_source, socket_accept, socket_bind, symlink, syslog, system"
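The split described above (a private ffprobe service on 127.0.0.1 with its own php.ini, called by a public site whose php.ini carries the disable_functions blacklist) as an added example, not code from the original post. The upload directory, binary path and use of coreutils `timeout` are assumptions; the service takes an opaque upload id, never a user-supplied path.

```php
<?php
// probe.php: internal ffprobe service, served ONLY by the private Apache/PHP
// instance bound to 127.0.0.1 whose own php.ini still permits shell_exec.
// Paths and the coreutils `timeout` wrapper are assumptions for this example.
declare(strict_types=1);

const UPLOAD_DIR = '/srv/joomla-uploads';   // assumption: directory the public site writes uploads to
const FFPROBE    = '/usr/bin/ffprobe';      // assumption: fully qualified binary path

// Accept only an opaque upload id (no slashes, dots or shell metacharacters)
// and map it to a file that must resolve inside UPLOAD_DIR.
function resolveUpload(string $id): ?string {
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $id)) {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    $real = realpath(UPLOAD_DIR . '/' . $id);
    // realpath() follows symlinks, so re-check that the target still lies under the base.
    if ($base === false || $real === false || !is_file($real)
        || strpos($real, $base . '/') !== 0) {
        return null;
    }
    return $real;
}

// Run ffprobe with a hard time limit; the path is absolute (from realpath) and quoted.
function probe(string $path): ?array {
    $cmd = 'timeout 10 ' . FFPROBE
         . ' -v error -print_format json -show_format -show_streams '
         . escapeshellarg($path) . ' 2>/dev/null';
    $out = shell_exec($cmd);   // permitted only in this private instance's php.ini
    if (!is_string($out) || $out === '') {
        return null;
    }
    $data = json_decode($out, true);
    return is_array($data) ? $data : null;
}

// Entry point: GET /probe.php?id=<upload id>, reachable only via 127.0.0.1.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json');
    $path = resolveUpload($_GET['id'] ?? '');
    $info = $path !== null ? probe($path) : null;
    if ($info === null) {
        http_response_code(400);
        echo json_encode(['error' => 'unknown upload or unreadable media']);
        exit;
    }
    echo json_encode(['format' => $info['format'] ?? null, 'streams' => $info['streams'] ?? []]);
}
```

The public Joomla side, where shell_exec and friends are disabled, only fetches `http://127.0.0.1:<port>/probe.php?id=...` (for example with curl) and never touches ffprobe itself, so a malicious upload can at most crash the unprivileged private instance.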
