themachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 19 hours agoAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comexternal-linkmessage-square32linkfedilinkarrow-up1115arrow-down121
arrow-up194arrow-down1external-linkAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugsthehackernews.comthemachinestops@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 19 hours agomessage-square32linkfedilink
minus-squarenitroemdash@lemmy.wtflinkfedilinkEnglisharrow-up2·9 hours agoFFMPEG in the command line generally has permission to access the entire non-sudo filesystem and delete files.
minus-squaregreyscale@lemmy.grey.ooolinkfedilinkEnglisharrow-up1·7 hours agoYes but why are we allowing user input to be fed to an executable in that environment?
minus-squareKairos@lemmy.todaylinkfedilinkEnglisharrow-up3·7 hours agoThis is the environment that almost all user software is executed.
FFMPEG in the command line generally has permission to access the entire non-sudo filesystem and delete files.
Yes but why are we allowing user input to be fed to an executable in that environment?
This is the environment that almost all user software is executed.