On 10 May 2018 at 16:44, Derek Buitenhuis <derek.buitenh...@gmail.com> wrote:
> These demuxers have probes that mainly probe based on file extension,
> and map to codec IDs that render text as video. The result is that
> ffmpeg will, by default, happily render, for example, .txt files
> as images. This is not exactly a good security practice, and only
> makes it easier for potential attackers to gain the contents of
> system files.
>
> Disable building these by default.
>
> Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com>
> ---
> I've been hard disabling these at $dayjob for a long time, after some
> "interesting" upload attempts, but it should probably be done for
> everyone.
>
> I'm not overly attached to implementation details like the option name
> or whether it's done at build time or runtime, but I think the concept
> of "don't render arbitrary system text files" is an important one.
> ---
> Changelog | 1 +
> configure | 7 +++++++
> tests/fate.sh | 1 +
> 3 files changed, 9 insertions(+)
>
> diff --git a/Changelog b/Changelog > index d442ced..e3f8e83 100644 > --- a/Changelog > +++ b/Changelog > @@ -6,6 +6,7 @@ version <next>: > - tmix filter > - amplify filter > - fftdnoiz filter > +- unsafe demuxers that render text files now disabled by default > > > version 4.0: > diff --git a/configure b/configure > index a1f13a7..2f2805e 100755 > --- a/configure > +++ b/configure > @@ -107,6 +107,7 @@ Configuration options: > --enable-small optimize for size instead of speed > --disable-runtime-cpudetect disable detecting CPU capabilities at > runtime (smaller binary) > --enable-gray enable full grayscale support (slower color) > + --enable-unsafe-demuxers enable unsafe-by-default demuxers > --disable-swscale-alpha disable alpha channel support in swscale > --disable-all disable building components, libraries and > programs > --disable-autodetect disable automatically detected external > libraries [no] > @@ -1784,6 +1785,7 @@ FEATURE_LIST=" > small > static > swscale_alpha > + unsafe_demuxers > " > > LIBRARY_LIST=" 
> @@ -3100,6 +3102,7 @@ videotoolbox_encoder_deps="videotoolbox > VTCompressionSessionPrepareToEncodeFrame > > # demuxers / muxers > ac3_demuxer_select="ac3_parser" > +adf_demuxer_deps="unsafe_demuxers" > aiff_muxer_select="iso_media" > asf_demuxer_select="riffdec" > asf_o_demuxer_select="riffdec" > @@ -3107,6 +3110,7 @@ asf_muxer_select="riffenc" > asf_stream_muxer_select="asf_muxer" > avi_demuxer_select="iso_media riffdec exif" > avi_muxer_select="riffenc" > +bintext_demuxer_deps="unsafe_demuxers" > caf_demuxer_select="iso_media riffdec" > caf_muxer_select="iso_media" > dash_muxer_select="mp4_muxer" > @@ -3124,6 +3128,7 @@ flac_demuxer_select="flac_parser" > hds_muxer_select="flv_muxer" > hls_muxer_select="mpegts_muxer" > hls_muxer_suggest="gcrypt openssl" > +idf_demuxer_deps="unsafe_demuxers" > image2_alias_pix_demuxer_select="image2_demuxer" > image2_brender_pix_demuxer_select="image2_demuxer" > ipod_muxer_select="mov_muxer" > @@ -3167,6 +3172,7 @@ swf_demuxer_suggest="zlib" > tak_demuxer_select="tak_parser" > tg2_muxer_select="mov_muxer" > tgp_muxer_select="mov_muxer" > +tty_demuxer_deps="unsafe_demuxers" > vobsub_demuxer_select="mpegps_demuxer" > w64_demuxer_select="wav_demuxer" > w64_muxer_select="wav_muxer" > @@ -3176,6 +3182,7 @@ webm_muxer_select="iso_media riffenc" > webm_dash_manifest_demuxer_select="matroska_demuxer" > wtv_demuxer_select="mpegts_demuxer riffdec" > wtv_muxer_select="mpegts_muxer riffenc" > +xbin_demuxer_deps="unsafe_demuxers" > xmv_demuxer_select="riffdec" > xwma_demuxer_select="riffdec" > > diff --git a/tests/fate.sh b/tests/fate.sh > index 0edee7f..6a99d66 100755 > --- a/tests/fate.sh > +++ b/tests/fate.sh 
> @@ -49,6 +49,7 @@ configure()( > --enable-gpl \ > --enable-memory-poisoning \ > --enable-avresample \ > + --enable-unsafe-demuxers \ > ${ignore_tests:+--ignore-tests="$ignore_tests"} \ > ${arch:+--arch=$arch} \ > ${cpu:+--cpu="$cpu"} \
> --
> 1.8.3.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

Could you send a patch to disable the decoders as well? Looks good otherwise.
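
Review bot: In the configure help hunk (@@ -107,6 +107,7 @@), the new entry `--enable-unsafe-demuxers enable unsafe-by-default demuxers` neither names the affected demuxers nor shows the default, while the neighbouring `--disable-autodetect` entry ends in `[no]`. "unsafe-by-default" also reads as if the demuxers were unsafe only in their default state, whereas the patch makes them disabled by default. Suggest wording along the lines of "enable demuxers that render text files as video (adf, bintext, idf, tty, xbin) [no]", so that someone reading the help output knows what they are opting into.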
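
Review bot: The `*_demuxer_deps="unsafe_demuxers"` additions in the "# demuxers / muxers" hunks gate only the five demuxers (adf, bintext, idf, tty, xbin); nothing in this patch touches the decoders behind the codec IDs that the commit message says render text as video, which is the follow-up the reply asks for. The five entries are also scattered alphabetically among unrelated `_select` lines with no comment, so the reason for the dependency is not visible at the point of use. Suggest a short comment next to them, or grouping them, stating that they are gated because they render text files as video, so that a similar demuxer added later gets the same treatment.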
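
Review bot: In the tests/fate.sh hunk, `--enable-unsafe-demuxers` is added unconditionally to the configure call, so FATE runs driven by this script only ever build the non-default configuration and the new default (these demuxers not built) is never exercised. Please confirm that any tests needing these demuxers are skipped when they are not built, so that a default configure still passes the test suite, and consider whether at least some runs should leave this flag out.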