On 2018-05-10 17:44, Derek Buitenhuis wrote:
> These demuxers have probes that mainly probe based on file extension,
> and map to codec IDs that render text as video. The result is that
> ffmpeg will, by default, happily render, for example, .txt files
> as images. This is not exactly a good security practice, and only
> makes it easier for potential attackers to gain the contents of
> system files.
> 
> Disable building these by default.
> 
> Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com>
> ---
> I've been hard disabling these at $dayjob for a long time, after some
> "interesting" upload attempts, but it should probably be done for
> everyone.
> 
> I'm not overly attached to implementation details like the option name
> or whether it's done at build time or runtime, but I think the concept
> of "don't render arbitrary system text files" is an important one.
> ---

You web people already have options for the various annoying whitelists.
 Is this not covered by one of them?
