On Sun, Jan 17, 2016 at 08:28:32PM +0100, Marton Balint wrote:
>
> On Sun, 17 Jan 2016, Carl Eugen Hoyos wrote:
>
> >Marton Balint <cus <at> passwd.hu> writes:
> >
> >>The current default pattern type, glob_sequence is deprecated
> >>for almost 3.5 years,
> >
> >Sorry if I misunderstand: When was it deprecated?
> >
>
> In commit 3a06ea84 at 2012-08-06 by Stefano.
>
> >>before removing it, we need a new, sensible pattern default. I
> >>suggest "none" which turns off pattern matching, because using
> >>the filename as a pattern can be a security risk exposing other
> >>files in the source directory,
> >
> >Is the current default a security risk or would another default
> >be?
>
> The current pattern matching is a risk, any pattern matching by
> default can be a risk, that is why I proposed "none".
>
> Think about a web application putting user uploaded content to a
> directory, then the web application transcodes it with ffmpeg. If a
> malicious user uploads a file with a crafted name which is
> interpreted as a pattern, then the output of the transcoding can
> contain some or all of the existing files in the source folder
> leaking other users' data.

imagine the user would just supply files that had names matching
files already there in that directory
They would get overwritten before FFmpeg even starts
or if you imply that would be checked for, users then would not be
able to upload their file.avi because someone else already did
I think this hypothetical web application has deeper problems
or at least is poorly specified what it really does ...

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
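An added example, not part of the thread or of FFmpeg's code: a defensive upload handler for the scenario discussed above. It flags names that the image2 demuxer's glob_sequence mode would treat as a pattern, stores uploads under server-generated names (which also avoids the name collisions raised in the reply), and passes `-pattern_type none` explicitly. The matching rules follow the image2 demuxer documentation as understood here (an assumption); `classify`, `storage_name`, `ffmpeg_argv` and the extension allow-list are hypothetical names.

```python
import secrets
from pathlib import PurePosixPath

GLOB_META = "*?[]{}"                        # glob characters, active only after an unescaped '%'
ALLOWED_EXT = {".png", ".jpg", ".jpeg"}     # assumption: an image-only upload endpoint


def classify(name: str) -> str:
    """Return 'glob', 'sequence' or 'literal' for a name under glob_sequence rules."""
    has_seq = False
    i = 0
    while i < len(name):
        if name[i] != "%":
            i += 1
            continue
        nxt = name[i + 1:i + 2]
        if nxt == "%":                      # '%%' is an escaped literal percent sign
            i += 2
            continue
        if nxt and nxt in GLOB_META:        # e.g. '%*' makes the whole name a glob
            return "glob"
        j = i + 1
        while j < len(name) and name[j] in "0123456789":
            j += 1
        if name[j:j + 1] == "d":            # '%d', '%03d': numbered image sequence
            has_seq = True
        i += 1
    return "sequence" if has_seq else "literal"


def storage_name(original: str) -> str:
    """Never reuse the client-supplied name on disk; keep only a vetted extension."""
    ext = PurePosixPath(original).suffix.lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {ext!r}")
    return secrets.token_hex(16) + ext      # random, collision-resistant, no '%'


def ffmpeg_argv(src: str, dst: str) -> list[str]:
    """Argument list (no shell) with pattern matching turned off for the input."""
    return ["ffmpeg", "-nostdin", "-f", "image2",
            "-pattern_type", "none", "-i", src, dst]


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for sample in ("holiday%*.png", "frame%03d.png", "100%%done.png", "cat.png"):
        print(f"{sample!r:20} -> {classify(sample):8} stored as {storage_name(sample)}")
```

A `classify` result other than `literal` is worth logging as a possible probe, even though the stored name no longer carries the pattern.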