2018-04-29 17:54 GMT+02:00, Reindl Harald <[email protected]>: > Am 29.04.2018 um 16:31 schrieb Carl Eugen Hoyos: >>> --enable-pic >> >> Why is this needed? >> (I see it often: If it has an effect, it makes the binary slower, so >> I wonder why people add it.) > > because other than you people care about security and not only > performance - learn about system hardening - and yes given the > tons of errors and voodoo in *all* multimedia codecs it's > recommended
Since you apparently studied this question much more thoroughly than anybody else: Which of the known (fixed or unfixed) bugs in FFmpeg with security relevance (there are thousands) was (is) not exploitable if --enable-pic was used? Do you agree that if no such issue exists, it may not make sense to incorrectly pretend an increased security? Apart from the above: If the user is interested in security, why didn't he use --toolchain=hardened? Carl Eugen _______________________________________________ ffmpeg-user mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-user To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
