On Sun, 17 Jan 2016, Carl Eugen Hoyos wrote:
Marton Balint <cus <at> passwd.hu> writes:
The current default pattern type, glob_sequence is
deprecated for almost 3.5 years,
Sorry if I misunderstand: When was it deprecated?
In commit 3a06ea84 at 2012-08-06 by Stefano.
before removing it, we need a new, sensible pattern
default. I suggest "none" which turns off pattern
matching, because using the filename as a pattern
can be a security risk exposing other files in the
source directory,
Is the current default a security risk or would
another default be?
The current pattern matching is a risk, any pattern matching by default
can be a risk, that is why I proposed "none".
Think about a web application putting user uploaded content to a
directory, then the web application transcodes it with ffmpeg. If a
malicous user uploads a file with a crafted name which is interpreted as a
pattern, then the output of the transcoding can contain some or all of the
existing files in the source folder leaking other user's data.
and can also cause problems for file names which
are patterns by themselves.
Have you tried transcoding an image with a percent sign in the file name?
It won't work because % is interpreted as a pattern so you have to use
god know's what escaping... But you only have to do that for file names
which are handled by the image2 demuxer...
I apparently don't understand why this patch is
necessary but it certainly will make many users
unhappy.
You, and wm4 are right about that. It does break compatibility, but to fix
this issue, I think it is inevitable sooner or later.
When is a good time to break compatibility? The next release will be a
new major ffmpeg version, IMHO we should do this before that.
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
