Am 29.04.2018 um 18:06 schrieb Reindl Harald: > > > Am 29.04.2018 um 17:58 schrieb Paul B Mahol: >> On 4/29/18, Reindl Harald <[email protected]> wrote: >>> >>> >>> Am 29.04.2018 um 16:31 schrieb Carl Eugen Hoyos: >>>>> --enable-pic >>>> >>>> Why is this needed? >>>> (I see it often: If it has an effect, it makes the binary slower, so >>>> I wonder why people add it.) >>> >>> because other than you people care about security and not only >>> performance - learn about system hardening - and yes given the tons of >>> errors and voodoo in *all* multimedia codecs it's recommended >> >> Which errors and voodoo? >> Can you point them?
> please don't play fool - thank you! > > you have hunrdets of critical bugs in *every* multimedia library over > the past years and hardening binaries is for make *currently unknown* > vulernabilities more difficult to trigger > > if one don't have the slightest clue about > https://en.wikipedia.org/wiki/Binary_hardening he better should not > recommend remove options like "--enable-pic" which should be *default* > until someone decides sacrifice security by performance https://fedoraproject.org/wiki/Changes/Harden_All_Packages in the past he policy was only for long running applications or applications handling untrusted input - given that ffmpeg is linked into a ton of applications up to browsers it's handeling untrusted input by definition and because that applies to nearly any application and be it only a pdf-reader opening some downloaded file froma random source smart people decided long ago that haredning all binaries is they way to go _______________________________________________ ffmpeg-user mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-user To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
