themachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 2 days agoAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comexternal-linkmessage-square39linkfedilinkarrow-up1149arrow-down128
arrow-up1121arrow-down1external-linkAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comthemachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 2 days agomessage-square39linkfedilink
minus-squarenitroemdash@lemmy.wtflinkfedilinkEnglisharrow-up2·1 day agoFFMPEG in the command line generally has permission to access the entire non-sudo filesystem and delete files.
minus-squaregreyscaleAlinkfedilinkEnglisharrow-up1·1 day agoYes but why are we allowing user input to be fed to an executable in that environment?
minus-squareKairos@lemmy.todaylinkfedilinkEnglisharrow-up4·1 day agoThis is the environment that almost all user software is executed.
FFMPEG in the command line generally has permission to access the entire non-sudo filesystem and delete files.
Yes but why are we allowing user input to be fed to an executable in that environment?
This is the environment that almost all user software is executed.