[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default

Derek Buitenhuis derek.buitenhuis at gmail.com
Thu May 10 18:44:59 EEST 2018


These demuxers have probes that mainly probe based on file extension,
and map to codec IDs that render text as video. The result is that
ffmpeg will, by default, happily render, for example, .txt files
as images. This is not exactly a good security practice, and only
makes it easier for potential attackers to gain the contents of
system files.

Disable building these by default.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
---
I've been hard disabling these at $dayjob for a long time, after some
"interesting" upload attempts, but it should probably be done for
everyone.

I'm not overly attached to implementation details like the option name
or whether it's done at build time or runtime, but I think the concept
of "don't render arbitrary system text files" is an important one.
---
 Changelog     | 1 +
 configure     | 7 +++++++
 tests/fate.sh | 1 +
 3 files changed, 9 insertions(+)

diff --git a/Changelog b/Changelog
index d442ced..e3f8e83 100644
--- a/Changelog
+++ b/Changelog
@@ -6,6 +6,7 @@ version <next>:
 - tmix filter
 - amplify filter
 - fftdnoiz filter
+- unsafe demuxers that render text files now disabled by default
 
 
 version 4.0:
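Review bot: The new Changelog line names neither the affected demuxers nor the configure option that restores them, so a packager reading it cannot tell what disappeared from the default build or how to get it back. Suggest wording along the lines of "adf, bintext, idf, tty and xbin demuxers now disabled by default, build with --enable-unsafe-demuxers to keep them".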
diff --git a/configure b/configure
index a1f13a7..2f2805e 100755
--- a/configure
+++ b/configure
@@ -107,6 +107,7 @@ Configuration options:
   --enable-small           optimize for size instead of speed
   --disable-runtime-cpudetect disable detecting CPU capabilities at runtime (smaller binary)
   --enable-gray            enable full grayscale support (slower color)
+  --enable-unsafe-demuxers enable unsafe-by-default demuxers
   --disable-swscale-alpha  disable alpha channel support in swscale
   --disable-all            disable building components, libraries and programs
   --disable-autodetect     disable automatically detected external libraries [no]
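Review bot: The help string for --enable-unsafe-demuxers says neither which demuxers it covers nor what the default is, unlike the --disable-autodetect line two lines below, which ends in [no]. Suggest naming the group (for example "text-rendering demuxers: adf, bintext, idf, tty, xbin") and appending the default in the same bracket style.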
@@ -1784,6 +1785,7 @@ FEATURE_LIST="
     small
     static
     swscale_alpha
+    unsafe_demuxers
 "
 
 LIBRARY_LIST="
@@ -3100,6 +3102,7 @@ videotoolbox_encoder_deps="videotoolbox VTCompressionSessionPrepareToEncodeFrame
 
 # demuxers / muxers
 ac3_demuxer_select="ac3_parser"
+adf_demuxer_deps="unsafe_demuxers"
 aiff_muxer_select="iso_media"
 asf_demuxer_select="riffdec"
 asf_o_demuxer_select="riffdec"
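Review bot: adf_demuxer_deps="unsafe_demuxers" and the four matching lines in the later hunks carry no comment, so the criterion for calling a demuxer unsafe lives only in the commit message. A short comment in configure stating it (probe keyed mainly on file extension, text rendered as video) would tell the next person adding a similar demuxer whether it belongs in this group. The documentation should also say what happens when a user passes --enable-demuxer=adf without --enable-unsafe-demuxers.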
@@ -3107,6 +3110,7 @@ asf_muxer_select="riffenc"
 asf_stream_muxer_select="asf_muxer"
 avi_demuxer_select="iso_media riffdec exif"
 avi_muxer_select="riffenc"
+bintext_demuxer_deps="unsafe_demuxers"
 caf_demuxer_select="iso_media riffdec"
 caf_muxer_select="iso_media"
 dash_muxer_select="mp4_muxer"
@@ -3124,6 +3128,7 @@ flac_demuxer_select="flac_parser"
 hds_muxer_select="flv_muxer"
 hls_muxer_select="mpegts_muxer"
 hls_muxer_suggest="gcrypt openssl"
+idf_demuxer_deps="unsafe_demuxers"
 image2_alias_pix_demuxer_select="image2_demuxer"
 image2_brender_pix_demuxer_select="image2_demuxer"
 ipod_muxer_select="mov_muxer"
@@ -3167,6 +3172,7 @@ swf_demuxer_suggest="zlib"
 tak_demuxer_select="tak_parser"
 tg2_muxer_select="mov_muxer"
 tgp_muxer_select="mov_muxer"
+tty_demuxer_deps="unsafe_demuxers"
 vobsub_demuxer_select="mpegps_demuxer"
 w64_demuxer_select="wav_demuxer"
 w64_muxer_select="wav_muxer"
@@ -3176,6 +3182,7 @@ webm_muxer_select="iso_media riffenc"
 webm_dash_manifest_demuxer_select="matroska_demuxer"
 wtv_demuxer_select="mpegts_demuxer riffdec"
 wtv_muxer_select="mpegts_muxer riffenc"
+xbin_demuxer_deps="unsafe_demuxers"
 xmv_demuxer_select="riffdec"
 xwma_demuxer_select="riffdec"
 
diff --git a/tests/fate.sh b/tests/fate.sh
index 0edee7f..6a99d66 100755
--- a/tests/fate.sh
+++ b/tests/fate.sh
@@ -49,6 +49,7 @@ configure()(
         --enable-gpl                                                    \
         --enable-memory-poisoning                                       \
         --enable-avresample                                             \
+        --enable-unsafe-demuxers                                        \
         ${ignore_tests:+--ignore-tests="$ignore_tests"}                 \
         ${arch:+--arch=$arch}                                           \
         ${cpu:+--cpu="$cpu"}                                            \
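Review bot: Adding --enable-unsafe-demuxers unconditionally to the FATE configure line means FATE only ever builds the non-default configuration, so the new default (these five demuxers absent) gets no coverage. Consider leaving the flag off here and making the tests that need these demuxers depend on them, or state in the commit message that the default build is verified some other way.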
-- 
1.8.3.1
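
As an added example (not part of the patch or of FFmpeg), the shell function below checks an `ffmpeg -demuxers` listing for the five demuxers this patch gates. The sample listing is constructed, and the format names, in particular `bin` for the bintext demuxer, are assumptions to confirm against your own build.

```shell
#!/bin/sh
# Added example: audit an ffmpeg build for the demuxers gated by this patch.
# Names are the format names shown by `ffmpeg -demuxers`; bintext is assumed
# to be listed as "bin".
UNSAFE_DEMUXERS="adf bin idf tty xbin"

# Read an `ffmpeg -demuxers`-style listing on stdin and print, space-separated
# and in order of appearance, every gated demuxer the build contains.
find_unsafe_demuxers() {
    awk -v want="$UNSAFE_DEMUXERS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) gated[w[i]] = 1 }
        # Entry rows look like " D  name[,alias...]  description"; the legend
        # rows (" D. = Demuxing supported") have a different first field.
        ($1 == "D" || $1 == "DE") && NF >= 2 {
            m = split($2, names, ",")
            for (j = 1; j <= m; j++)
                if ((names[j] in gated) && !seen[names[j]]++)
                    out = out (out ? " " : "") names[j]
        }
        END { print out }'
}

# Constructed sample listing (not captured from a real build).
sample_listing() {
    cat <<'EOF'
File formats:
 D. = Demuxing supported
 .E = Muxing supported
 --
 D  aac             raw ADTS AAC (Advanced Audio Coding)
 D  bin             Binary text
 D  matroska,webm   Matroska / WebM
 D  tty             Tele-typewriter
 D  wav             WAV / WAVE (Waveform Audio)
EOF
}

found=$(sample_listing | find_unsafe_demuxers)
echo "gated demuxers present: ${found:-none}"
```

Against a real binary, pipe `ffmpeg -hide_banner -demuxers` into `find_unsafe_demuxers`; an empty result means none of the five are built in.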


