AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs (thehackernews.com)
Posted by themachinestops@lemmy.dbzer0.com to Technology@lemmy.world · English · 7 days ago · 39 comments

greyscale@lemmy.grey.ooo · 7 days ago
Does nobody isolate ffmpeg and friends from their application? I can’t imagine you’d have much fun breaking into a container that terminates the moment the original ffmpeg stops, or over-runs its max execution time…

VibeSurgeon@piefed.social · 7 days ago
Sure, you’d need a second exploit to escalate from there. ffmpeg is expected to run for extended periods of time, given its use in transcoding.

[object Object]@lemmy.ca · 7 days ago
Container escapes do exist, and they have shared kernel with the host

Passerby6497@lemmy.world · 7 days ago
If you’re running rootless containers, it’s less of a concern. I’m trying to move all of my public containers to podman for this reason
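
The isolation discussed in this thread (a throwaway container that ends when ffmpeg exits or exceeds a time limit, run rootless under podman) can be written as one wrapper. This is an added example, not code from any commenter or from the linked article; the image name, the limits and the function name are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: FFMPEG_IMAGE is a placeholder for an image you
# build yourself with ffmpeg on its PATH; the limits are illustrative.
FFMPEG_IMAGE="${FFMPEG_IMAGE:-localhost/ffmpeg-sandbox:latest}"
MAX_SECONDS="${MAX_SECONDS:-600}"

# Usage: transcode_isolated <input-file> <output-dir> <output-name>
# With DRY_RUN set, prints the podman argv (one argument per line) instead.
transcode_isolated() {
    [ "$#" -eq 3 ] || { echo "usage: transcode_isolated IN OUTDIR NAME" >&2; return 2; }
    in_file=$1; out_dir=$2; out_name=$3

    # ':' separates fields in --volume; '/' in the name would leave /out.
    case "$in_file$out_dir" in *:*) echo "':' not allowed in paths" >&2; return 2;; esac
    case "$out_name" in */*) echo "output name must not contain '/'" >&2; return 2;; esac

    # --rm + ffmpeg as the only process: the container is gone when ffmpeg exits.
    # --timeout: podman kills the container after MAX_SECONDS.
    # --network=none, --read-only, --cap-drop=ALL, no-new-privileges: a
    #   compromised ffmpeg gets no network, no writable rootfs, no capabilities.
    # --pids-limit / --memory need cgroup v2 delegation when running rootless.
    # The untrusted input is mounted read-only; only /out is writable.
    set -- podman run --rm \
        --timeout="$MAX_SECONDS" \
        --network=none \
        --read-only \
        --cap-drop=ALL \
        --security-opt=no-new-privileges \
        --pids-limit=64 \
        --memory=1g \
        --volume "$in_file:/in/source:ro" \
        --volume "$out_dir:/out:rw" \
        --entrypoint=ffmpeg \
        "$FFMPEG_IMAGE" \
        -nostdin -i /in/source "/out/$out_name"

    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$@"; return 0; fi
    # A container escape should land in an unprivileged account, so refuse uid 0.
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run as root; use a rootless podman user" >&2
        return 1
    fi
    "$@"
}
```

As the replies above point out, the container still shares the host kernel, so this narrows what a compromised ffmpeg process can reach rather than removing the need to patch ffmpeg.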