this post was submitted on 15 Oct 2024
107 points (99.1% liked)
FFmpeg is used by everybody so you'd hope people are looking at it, but I'm sure there are security bugs in there, and probably plenty of them, since it's C parser/decoder code, probably the most dangerous kind of code. I think web browsers do some kind of sandboxing around FFmpeg, plus web browsers restrict the kinds of formats they support, but FFmpeg (and PeerTube?) supports a lot more, many of which will not be audited/fuzzed to the same degree.
Ideally this would be sandboxed so much it can't call anything but read(2) and write(2). I have no idea if any of this software does any sandboxing at all.
Maybe, depends on what exactly you're worried about. There are potentially political actors that might be interested in fucking with tankie.tube, whereas you can't really target anyone specifically with BitTorrent. Also the attacker knows exactly what software will be used to decode the videos, which makes this easier to exploit. I assume that videos can get uploaded to tankie.tube by basically anybody, and those videos would be sent out to be transcoded on random people's machines?
If you assume tankie.tube (maybe PeerTube in general) is just too small to be on anyone's radar, then that's probably fine.
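The read(2)/write(2)-only sandbox mentioned in the comment above exists on Linux as seccomp strict mode. The following is an added example, not part of the comment and not code from FFmpeg or PeerTube; `worker` and `run_sandboxed` are hypothetical names, and the upper-casing loop stands in for a real decoder.

```c
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for a decoder (hypothetical): upper-cases bytes from in_fd to out_fd.
 * With misbehave set it attempts open(2), which strict mode does not allow. */
static void worker(int in_fd, int out_fd, int misbehave) {
    char buf[256];
    ssize_t n;
    /* After this only read, write, exit and sigreturn work; anything else is SIGKILL. */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(2);
    if (misbehave) open("/etc/hostname", O_RDONLY);  /* process is killed here */
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 32;
        if (write(out_fd, buf, (size_t)n) != n) break;
    }
    syscall(SYS_exit, 0);  /* glibc _exit() uses exit_group(2), which is blocked */
}

/* Returns 0 on clean exit, else the signal that killed the worker (-1: setup error). */
int run_sandboxed(const char *in, size_t len, char *out, size_t cap, int misbehave) {
    int to_child[2], from_child[2], status;
    if (pipe(to_child) || pipe(from_child)) return -1;
    /* Small constructed input is queued before fork, so the parent never blocks. */
    if (write(to_child[1], in, len) != (ssize_t)len) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: drop unused pipe ends, then lock down */
        close(to_child[1]); close(from_child[0]);
        worker(to_child[0], from_child[1], misbehave);
    }
    close(to_child[0]); close(to_child[1]); close(from_child[1]);
    ssize_t n = read(from_child[0], out, cap - 1);
    out[n > 0 ? n : 0] = '\0';
    close(from_child[0]);
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    char out[64];
    printf("clean run -> %d\n", run_sandboxed("frame data", 10, out, sizeof out, 0));
    printf("open(2) attempt -> signal %d\n", run_sandboxed("frame data", 10, out, sizeof out, 1));
    return 0;
}
```

All file descriptors the worker needs must be opened before the `prctl` call, and memory it needs must already be mapped, since allocation syscalls are blocked as well.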