[FFmpeg-user] Unable to build FFmpeg 4.0 on macOS

Reindl Harald h.reindl at thelounge.net
Sun Apr 29 19:11:22 EEST 2018



Am 29.04.2018 um 18:06 schrieb Reindl Harald:
> 
> 
> Am 29.04.2018 um 17:58 schrieb Paul B Mahol:
>> On 4/29/18, Reindl Harald <h.reindl at thelounge.net> wrote:
>>>
>>>
>>> Am 29.04.2018 um 16:31 schrieb Carl Eugen Hoyos:
>>>>> --enable-pic
>>>>
>>>> Why is this needed?
>>>> (I see it often: If it has an effect, it makes the binary slower, so
>>>> I wonder why people add it.)
>>>
>>> because other than you people care about security and not only
>>> performance - learn about system hardening - and yes given the tons of
>>> errors and voodoo in *all* multimedia codecs it's recommended
>>
>> Which errors and voodoo?
>> Can you point them?

> please don't play fool - thank you!
> 
> you have hunrdets of critical bugs in *every* multimedia library over
> the past years and hardening binaries is for make *currently unknown*
> vulernabilities more difficult to trigger
> 
> if one don't have the slightest clue about
> https://en.wikipedia.org/wiki/Binary_hardening he better should not
> recommend remove options like "--enable-pic" which should be *default*
> until someone decides sacrifice security by performance
https://fedoraproject.org/wiki/Changes/Harden_All_Packages

in the past he policy was only for long running applications or
applications handling untrusted input - given that ffmpeg is linked into
a ton of applications up to browsers it's handeling untrusted input by
definition

and because that applies to nearly any application and be it only a
pdf-reader opening some downloaded file froma random source smart people
decided long ago that haredning all binaries is they way to go


More information about the ffmpeg-user mailing list