[FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)

Marton Balint cus at passwd.hu
Fri Dec 23 01:14:00 EET 2022



On Mon, 19 Dec 2022, "zhilizhao(赵志立)" wrote:

>
>
>> On Dec 19, 2022, at 21:40, Marvin Scholz <epirat07 at gmail.com> wrote:
>> 
>> 
>> On 19 Dec 2022, at 14:37, Nicolas George wrote:
>> 
>>> Marvin Scholz (12022-12-19):
>>>> IIUC this means the `-mask_url` option has to be the first option passed,
>>>> which seems a bit of an unfortunate requirement and is not documented at
>>>> all, as far as I can see. So at least this should be clearly documented
>>>> to prevent users being confused why they get an unrecognised option error
>>>> when they do not pass it as the first option.
>>> 
>>> Indeed. And I see no reason to have this option processed specially like
>>> that; it requires at least an explanation.
>>> 
>>>> I am a bit confused how this helps for the issue it tries to solve, as
>>>> for some amount of time, until this is done, it would expose the full
>>>> plaintext URL still, no?
>>> 
>>> This is unavoidable. Still, having sensitive information visible for a
>>> fraction of a second is better than having sensitive information visible
>>> for the length of a playback or transcoding process.
>> 
>> I agree, but then the docs should probably mention that to not give a false
>> sense of absolute security here. And maybe note that it might
>> be a better option to pass the password via stdin or hide the process
>> from other users to completely avoid leaking the password.
>
> We have options like '-password', '-key', '-cryptokey' and so on. I prefer
> to hide the entire argument list if we accept this solution. I don't know about
> system administration, hidepid looks like a neat solution.
> https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/

I am not a fan of this masking, because of the false sense of security, docs 
or not. Does wget or curl mask its command line?

But I agree, if such "feature" is added, it should remove the whole 
command line. And the docs should point to real solutions, like hidepid.

Regards,
Marton
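
An added example, not part of this message or of the FFmpeg patch: a small Python audit helper for the two points raised in the thread, reporting the hidepid mode of the /proc mount and flagging arguments in a /proc/<pid>/cmdline buffer that carry a secret. The function names and the sample mount line and command line are constructed for illustration; the option names are the ones listed in the thread.

```python
from urllib.parse import urlsplit

# Option names as listed in the thread; their following argument is a secret.
SECRET_OPTS = {"-password", "-key", "-cryptokey"}

# Older kernels print hidepid as a number, Linux 5.8+ prints a name.
HIDEPID_NAMES = {"0": "off", "1": "noaccess", "2": "invisible", "4": "ptraceable"}


def hidepid_mode(mounts_text):
    """Return the hidepid mode of the /proc mount ('off' if the option is
    absent), or None if the text contains no proc mount on /proc."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    value = opt.split("=", 1)[1]
                    return HIDEPID_NAMES.get(value, value)
            return "off"
    return None


def exposed_secrets(cmdline_bytes):
    """Given the raw NUL-separated bytes of /proc/<pid>/cmdline, return
    (argument index, reason) pairs for arguments that expose a secret."""
    raw = cmdline_bytes.rstrip(b"\0").split(b"\0")
    argv = [a.decode("utf-8", "replace") for a in raw]
    hits = []
    for i, arg in enumerate(argv):
        if i > 0 and argv[i - 1] in SECRET_OPTS:
            hits.append((i, "value of " + argv[i - 1]))
        elif "://" in arg:
            try:
                parts = urlsplit(arg)
            except ValueError:
                continue  # not a parseable URL, nothing to report
            if parts.password:
                hits.append((i, "URL password"))
    return hits


if __name__ == "__main__":
    # Constructed samples; on a live system read /proc/self/mounts and
    # /proc/<pid>/cmdline instead.
    mounts = "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n"
    cmdline = (b"ffmpeg\0-i\0rtmp://user:s3cret@media.example/live\0"
               b"-cryptokey\0abcd\0out.mp4\0")
    print("hidepid:", hidepid_mode(mounts))
    for index, reason in exposed_secrets(cmdline):
        print("argv[%d] exposes: %s" % (index, reason))
```
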

