Re: [gst-devel] Re: gstreamer gdk-pixbuf plugin
- From: Matthias Clasen <maclas gmx de>
- To: desktop-devel-list gnome org
- Subject: Re: [gst-devel] Re: gstreamer gdk-pixbuf plugin
- Date: Tue, 16 Dec 2003 00:40:50 +0100
> It could be a nice idea to make a thumbnailer that uses gdk-pixbuf to
> generate thumbnails...
>
> But that still means that it's a security issue if you open untrusted
> content via gdk-pixbuf. Like in Evolution.
>
> I wouldn't trust GStreamer on that. Or Xine. Or any media framework. They
> all didn't have security audits yet...
There are a few options for selectively disabling loaders:
a) Disable the problematic loaders globally, by removing them from
gdk-pixbuf.loaders
b) Do your own sniffing and work with gdk_pixbuf_loader_new_with_type()
c) Let gdk-pixbuf determine the type, but blacklist untrusted loaders
(or, better, list trusted loaders)
loader = gdk_pixbuf_loader_new ();
gdk_pixbuf_loader_write (loader, buf, 128, &error);
format = gdk_pixbuf_loader_get_format (loader);
if (strcmp (gdk_pixbuf_format_get_name (format), "GStreamer") == 0)
{
g_warning ("I don't trust GStreamer yet");
return NULL;
}
Matthias
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]