Summary: | multimedia/ffmpeg add option to disable network | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Alexander Ushakov <alexander> |
Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> |
Status: | Closed FIXED | ||
Severity: | Affects Some People | CC: | diizzy, riggs |
Priority: | --- | Flags: | riggs: maintainer-feedback+ |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Alexander Ushakov
2023-01-06 15:01:27 UTC
Will take a look

Not sure what the actual benefit is since most systems are either connected or offline? If it's a connected system you have more attack vectors than ffmpeg which rarely is accessible by external users.

(In reply to Daniel Engberg from comment #2)
The typical case is when ffmpeg is used for processing local or uploaded files. In this case there is no need for a network connection to remote servers from ffmpeg and the network can be disabled.
My concerns appeared after I read https://news.ycombinator.com/item?id=10893301 - a special mp4 file allowed sending local files away. If the network had been disabled, this attack could not take place even with a vulnerable ffmpeg version.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8855990a698ea489ad155282471df4ce864b8fad

commit 8855990a698ea489ad155282471df4ce864b8fad
Author: Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2023-01-08 16:07:43 +0000
Commit: Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2023-01-08 16:23:22 +0000

multimedia/ffmpeg: Add NETWORK DEFAULT OPTION

Details:
Disabling the NETWORK OPTION (DEFAULT) allows users to compile ffmpeg without networking code in libavcodec.

PR: 268786
Reported by: Alexander Ushakov <alexander@polyvizor.com>
MFH: 2023Q1

multimedia/ffmpeg/Makefile | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bbc10a27f343b1a3cd34139498cfca70ac43580a

commit bbc10a27f343b1a3cd34139498cfca70ac43580a
Author: Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2023-01-08 16:07:43 +0000
Commit: Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2023-01-08 23:38:29 +0000

multimedia/ffmpeg: Add NETWORK DEFAULT OPTION

Details:
Disabling the NETWORK OPTION (DEFAULT) allows users to compile ffmpeg without networking code in libavcodec.

PR: 268786
Reported by: Alexander Ushakov <alexander@polyvizor.com>
MFH: 2023Q1

(cherry picked from commit 8855990a698ea489ad155282471df4ce864b8fad)

multimedia/ffmpeg/Makefile | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
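
A way to confirm that an installed ffmpeg really lacks network protocols after the NETWORK option is turned off, as an added example that is not part of this bug report or of the port. The function names, the `NET_PROTOS` list (non-exhaustive) and both sample listings are assumptions made for illustration.

```sh
#!/bin/sh
# Assumed, non-exhaustive list of ffmpeg protocol names that open sockets.
NET_PROTOS="ftp gopher gophers http httpproxy https icecast mmsh mmst rtmp rtmpe rtmps rtmpt rtmpte rtmpts rtp sctp srt srtp tcp tls udp udplite"

# Read `ffmpeg -hide_banner -protocols` output on stdin and print every
# network protocol it lists, sorted and de-duplicated (a protocol can appear
# under both "Input:" and "Output:").
net_protocols() {
    awk -v list="$NET_PROTOS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) net[a[i]] = 1 }
        # Protocol lines hold a single word; headers never match the list.
        NF == 1 && ($1 in net) { print $1 }
    ' | sort -u
}

# Succeed only when stdin lists no network protocol at all.
network_disabled() {
    [ -z "$(net_protocols)" ]
}

# Constructed sample listings (hypothetical, not captured from a real build).
SAMPLE_NETWORK='Supported file protocols:
Input:
  cache
  file
  http
  pipe
  tcp
Output:
  file
  pipe
  tcp'

SAMPLE_LOCAL='Supported file protocols:
Input:
  cache
  file
  pipe
Output:
  file
  pipe'

# Real use: ffmpeg -hide_banner -protocols | network_disabled
printf '%s\n' "$SAMPLE_NETWORK" | net_protocols    # prints http and tcp
if printf '%s\n' "$SAMPLE_LOCAL" | network_disabled; then
    echo "no network protocols in the local-only sample"
fi
```

On a host that processes uploaded files, running the real-use line in a deployment check catches a package that was rebuilt with the option back at its default.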