On 20.01.2016 18:51, Michael Niedermayer wrote:
> On Wed, Jan 20, 2016 at 05:06:37PM +0100, Nicolas George wrote:
>> If people start to care about playlist-based security issues (Reimar used to
>> warn about it long ago), a cross-protocol solution needs to be found.
>
> that's true for git-master, and I can look into implementing whitelists
> similar to the format&codec whitelists we have

I think introducing protocol_whitelist could be a general solution. It could have sensible defaults, e.g. if it is not passed as an option to avio_open2/ffurl_connect it could default to only local protocols unless the protocol to open is a network protocol, in which case it could default to only network protocols.

So when opening 'file:', 'concat:' or another local protocol, the protocol_whitelist would default to local protocols. When opening 'http:', 'https:' or other network protocols, the protocol_whitelist would default to network protocols.

That should prevent mixing of local and remote data, unless specifically requested by the API/CLI user. So if e.g. a local playlist 'file:' would contain 'http:' URLs, a protocol_whitelist allowing this combination would be required for playback.

> but ATM my concern is
> more about the past releases
>
> do you object to this patch being applied to the past releases?

I think this patch and the similar one for subfile would at least be better than removing these protocols from released versions.

Best regards,
Andreas
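
A sketch of the default policy proposed in the mail above, added here as an illustration; it is not FFmpeg code and not part of the original message. The function names, the protocol table (limited to the protocols named in the thread) and the comma-separated whitelist format are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table: only protocols named in the thread are classified. */
enum proto_class { PROTO_UNKNOWN, PROTO_LOCAL, PROTO_NETWORK };
static const struct { const char *name; enum proto_class cls; } protos[] = {
    { "file", PROTO_LOCAL }, { "concat", PROTO_LOCAL }, { "subfile", PROTO_LOCAL },
    { "http", PROTO_NETWORK }, { "https", PROTO_NETWORK },
};

/* Copy the scheme of url into buf; a plain path without "scheme:" is "file". */
static void url_scheme(const char *url, char *buf, size_t len)
{
    size_t n = strspn(url, "abcdefghijklmnopqrstuvwxyz0123456789+-.");
    if (url[n] != ':')
        snprintf(buf, len, "file");
    else /* empty or oversized scheme becomes "", which matches nothing */
        snprintf(buf, len, "%.*s", n < len ? (int)n : 0, url);
}

static enum proto_class classify(const char *scheme)
{
    for (size_t i = 0; i < sizeof(protos) / sizeof(protos[0]); i++)
        if (!strcmp(protos[i].name, scheme))
            return protos[i].cls;
    return PROTO_UNKNOWN;
}

/* Exact match of name against one entry of a comma-separated list. */
static int in_list(const char *list, const char *name)
{
    size_t n = strlen(name), seg;
    for (const char *p = list; n && *p; p += seg + (p[seg] == ',')) {
        seg = strcspn(p, ",");
        if (seg == n && !strncmp(p, name, n))
            return 1;
    }
    return 0;
}

/* 1 if nested_url may be opened from inside parent_url. whitelist == NULL
 * selects the default from the mail: same class (local/network) as the parent. */
int nested_open_allowed(const char *parent_url, const char *nested_url, const char *whitelist)
{
    char parent[32], nested[32];
    url_scheme(parent_url, parent, sizeof(parent));
    url_scheme(nested_url, nested, sizeof(nested));
    if (whitelist)
        return in_list(whitelist, nested);
    return classify(parent) != PROTO_UNKNOWN && classify(parent) == classify(nested);
}
```

An unknown parent protocol is denied by default in this sketch, and an explicit whitelist is matched by exact name, so "file,http" does not admit "https".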