[FFmpeg-devel] [PATCH] Dynamic plugins loading

Felipe Contreras felipe.contreras
Tue Nov 2 13:36:02 CET 2010 

On Mon, Nov 1, 2010 at 3:54 PM, Nicolas George
<nicolas.george at normalesup.org> wrote:
> Le primidi 11 brumaire, an CCXIX, Michael Niedermayer a ?crit?:
>> I agree with ronald that a plugin architecture wont do us nor our users any
>> good.
>
> My reason for implementing it yesterday, apart from the fact that some
> people did manifest interest about it on the mailing lists some time ago,
> was this:
>
> For a DVB-grabber/player system I maintain, I have designed a custom storage
> format, because none of the existing formats suited my needs. A dynamic
> loading system would have slightly simplified upgrades of the video tools,
> even making it possible to use the distro's versions (if someday they become
> decent).
>
> Anyway, I understand perfectly why most people here do not like the idea of
> a plugin system, and I do not intend to insist for its inclusion. But I have
> spotted a few logical flaws in the argument that have been stated, and I can
> not resist answering them.
>
> The main flaw is that the cat is now out of the box: any GPL abuser can
> download my patch from the mailing-list archives, apply it and use it to
> load its proprietary code. And even without it, what I have written
> yesterday, any half-decent coding monkey working for said GPL abuser could
> have coded too. And if that was not enough, using LD_PRELOAD also allows to
> add plugins to ffmpeg.

I think this is a main feature missing from FFmpeg, and I planned to
do this myself. So, thanks for doing this :)

In fact, I think if this is not accepted in the main branch, I would
push anyway to get it into MeeGo as it would be the only way to get it
there. In fact, probably all distributions would want this, as it's
the only sensible way to package FFmpeg.

> As for the concern about stability and security, I believe it is the concern
> of people who decide to load crappy plugins in their ffmpeg, either with a
> published interface or with LD_PRELOAD.
>
> The problem in Firefox is not that it has an extension mechanism, it's that
> the core developers have taken it as an excuse not to do their job
> completely: "this crucial feature is missing? just write an extension", with
> all the problems that implies (out of date bitrotting extensions, forks).
>
> As far as I can see, the only security issue with this patch is that some
> half-baked privilege escalation systems will sanitize LD_PRELOAD and not
> AV_PLUGIN_PATH.

For security freaks there's the option to disable this.

-- 
Felipe Contreras

More information about the ffmpeg-devel mailing list