themachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · il y a 30 joursAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comexternal-linkmessage-square39linkfedilinkarrow-up1150arrow-down128
arrow-up1122arrow-down1external-linkAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comthemachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · il y a 30 joursmessage-square39linkfedilink
minus-squareVibeSurgeon@piefed.sociallinkfedilinkEnglisharrow-up39arrow-down1·il y a 30 jours Its not like its a system service that you can get ingress through… With a competently crafted payload, you could perhaps get in via someone’s transcoding pipeline.
minus-squaregreyscale@lemmy.grey.ooolinkfedilinkEnglisharrow-up9arrow-down5·il y a 30 joursDoes nobody isolate ffmpeg and friends from their application? I can’t imagine you’d have much fun breaking into a container that terminates the moment the original ffmpeg stops, or over-runs its max execution time…
minus-square[object Object]@lemmy.calinkfedilinkEnglisharrow-up22arrow-down1·il y a 30 joursContainer escapes do exist, and they have shared kernel with the host
minus-squarePasserby6497@lemmy.worldlinkfedilinkEnglisharrow-up5·il y a 30 joursIf you’re running rootless containers, it’s less of a concern. I’m trying to move all of my public containers to podman for this reason
minus-squareVibeSurgeon@piefed.sociallinkfedilinkEnglisharrow-up1·il y a 29 joursSure, you’d need a second exploit to escalate from there. ffmpeg is expected to run for extended periods of time, given its use in transcoding.
With a competently crafted payload, you could perhaps get in via someone’s transcoding pipeline.
Does nobody isolate ffmpeg and friends from their application?
I can’t imagine you’d have much fun breaking into a container that terminates the moment the original ffmpeg stops, or over-runs its max execution time…
Container escapes do exist, and they have shared kernel with the host
If you’re running rootless containers, it’s less of a concern. I’m trying to move all of my public containers to podman for this reason
Sure, you’d need a second exploit to escalate from there.
ffmpeg is expected to run for extended periods of time, given its use in transcoding.