Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Michael Niedermayer
On Wed, May 03, 2023 at 11:01:43PM +0200, Timo Rothenpieler wrote: > On 03.05.2023 21:08, Michael Niedermayer wrote: > > > > > A quick check for example shows that even something as simple as the > > > > > HLS BBC Radio streams will fail _all_ checks, since the playlists are > > > > > hosted on

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Timo Rothenpieler
On 03.05.2023 21:08, Michael Niedermayer wrote: A quick check for example shows that even something as simple as the HLS BBC Radio streams will fail _all_ checks, since the playlists are hosted on another host entirely as the media, thanks to Akamai live streaming. Playlist here, as an example:

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Rémi Denis-Courmont
On Wednesday, 3 May 2023, 22.05.26 EEST, Michael Niedermayer wrote: > On Wed, May 03, 2023 at 07:07:09PM +0300, Rémi Denis-Courmont wrote: > The difference is with a dodgy link it's the web browser that has to protect > the user. With a dodgy HLS file it's ffmpeg that has to protect

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Michael Niedermayer
On Wed, May 03, 2023 at 02:24:34PM +0200, Hendrik Leppkes wrote: > On Wed, May 3, 2023 at 12:49 PM Michael Niedermayer > wrote: > > > > On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote: > > > On Tue, May 2, 2023 at 10:57 PM James Almer wrote: > > > > > > > > > > added > > > > >

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Michael Niedermayer
On Wed, May 03, 2023 at 07:07:09PM +0300, Rémi Denis-Courmont wrote: > On Wednesday, 3 May 2023, 16.33.59 EEST, Michael Niedermayer wrote: > > This patch was inspired by a report on ffmpeg-security about SSRF > > (for which custom io_open() callback or some sort of sandboxing/VM

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Rémi Denis-Courmont
On Wednesday, 3 May 2023, 16.33.59 EEST, Michael Niedermayer wrote: > This patch was inspired by a report on ffmpeg-security about SSRF > (for which custom io_open() callback or some sort of sandboxing/VM can be > used to avoid it) > The patch here was intended to explore if we can

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Michael Niedermayer
Hi On Wed, May 03, 2023 at 02:16:03PM +0300, Rémi Denis-Courmont wrote: > Nit: different fixed > > But is there an actual threat model whence it is necessary or even useful for > a media framework to implement origin policies? On top of my head, this can > be used by content providers to

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Hendrik Leppkes
On Wed, May 3, 2023 at 12:49 PM Michael Niedermayer wrote: > > On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote: > > On Tue, May 2, 2023 at 10:57 PM James Almer wrote: > > > > > > > > added > > > > +{"same_none" , "same origin check off" , 0 , > > > >

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Rémi Denis-Courmont
Nit: different But is there an actual threat model whence it is necessary or even useful for a media framework to implement origin policies? On top of my head, this can be used by content providers to prevent third parties from referencing their media files... but that seems user-hostile; it

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Michael Niedermayer
On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote: > On Tue, May 2, 2023 at 10:57 PM James Almer wrote: > > > > > > added > > > +{"same_none" , "same origin check off" , 0 , > > > AV_OPT_TYPE_CONST, { .i64 = AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MAX, > > >

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Hendrik Leppkes
On Tue, May 2, 2023 at 10:57 PM James Almer wrote: > > > > added > > +{"same_none" , "same origin check off" , 0 , > > AV_OPT_TYPE_CONST, { .i64 = AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MAX, > > D|E, "same_origin"}, > > "none" sounds more natural. > > > > > > >> And do we

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Anton Khirnov
Quoting Michael Niedermayer (2023-05-02 23:15:46) > the problem with default-disabled is that the user needs to know > 1. that the option exists > 2. what the option does > 3. what an attacker can do with such urls > 4. that it's not enabled by default > > OTOH if it's enabled by default, the worst

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-03 Thread Anton Khirnov
Quoting Michael Niedermayer (2023-05-02 21:36:31) > TODO: bump minor version, add docs > > Signed-off-by: Michael Niedermayer > --- > libavformat/avformat.h | 10 ++ > libavformat/options.c | 29 + > libavformat/options_table.h | 3 +++ > 3 files

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-02 Thread Michael Niedermayer
On Tue, May 02, 2023 at 05:57:09PM -0300, James Almer wrote: > On 5/2/2023 5:16 PM, Michael Niedermayer wrote: > > On Tue, May 02, 2023 at 05:00:29PM -0300, James Almer wrote: > > > On 5/2/2023 4:36 PM, Michael Niedermayer wrote: > > > > TODO: bump minor version, add docs > > > > > > > >

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-02 Thread James Almer
On 5/2/2023 5:16 PM, Michael Niedermayer wrote: On Tue, May 02, 2023 at 05:00:29PM -0300, James Almer wrote: On 5/2/2023 4:36 PM, Michael Niedermayer wrote: TODO: bump minor version, add docs Signed-off-by: Michael Niedermayer --- libavformat/avformat.h | 10 ++

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-02 Thread Michael Niedermayer
On Tue, May 02, 2023 at 05:00:29PM -0300, James Almer wrote: > On 5/2/2023 4:36 PM, Michael Niedermayer wrote: > > TODO: bump minor version, add docs > > > > Signed-off-by: Michael Niedermayer > > --- > > libavformat/avformat.h | 10 ++ > > libavformat/options.c | 29

Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check

2023-05-02 Thread James Almer
On 5/2/2023 4:36 PM, Michael Niedermayer wrote: TODO: bump minor version, add docs Signed-off-by: Michael Niedermayer --- libavformat/avformat.h | 10 ++ libavformat/options.c | 29 + libavformat/options_table.h | 3 +++ 3 files changed, 42