[FFmpeg-user] audio and video sync problem
Tom Evans
tevans.uk at googlemail.com
Mon Jul 7 12:03:23 CEST 2014
On Fri, Jul 4, 2014 at 1:32 PM, Eugene Gekhter <egekhter at pixcel.com> wrote:
> Carl,
>
> Can you explain why sudo ffmpeg is a bad idea?
>
Giving a process more privileges than are necessary for that process
to do its function leads you to be more exposed if any security holes
can be found in that process, since the attacker self-evidently has
more privileges available.
ffmpeg doesn't require enhanced privileges, just to be able to read
its inputs and write to its outputs. Controlling access to
input/output files can be done by changing file owner or group or file
permissions, so using "sudo" solely in order to make an unreadable
input file readable is a lazy and insecure practise that inevitably
exposes you to more risks as outlined in the first paragraph.
Cheers
Tom
More information about the ffmpeg-user
mailing list