Category Archives: Open Source Multimedia

News regarding open source multimedia projects.

Secure Automated Builds

I have a small, low-power x86 Linux box sitting on the internet. I want to use it to set up an automated build system for FFmpeg. To what end? At the outset, I would like to validate that the entire codebase builds, with all extra modules enabled, under different gcc versions and post results to a webpage.

The process outline is pretty straightforward. At periodic intervals:

  • check out a fresh copy of the FFmpeg SVN tree
  • ‘configure’ with all relevant options and the desired compiler version
  • ‘make’, log the stdout and stderr text in separate text files
  • log the status report to a public website

Pretty simple so far. Other ideas include compiling with multiple compiler versions, including cross-compilers for multiple platforms; automated regression testing; aggregated results sent to a new mailing list; [insert your brainstorm here]. I’m starting small because this particular machine requires almost a half hour to complete just one FFmpeg build.

Here is the big item I’m concerned about: How to guard against malicious script injections? Not to say that I don’t trust my FFmpeg brethren but… I can’t think of a good way to end that sentence. But think about it: When you run the configuration script and Makefile, you’re executing free-form shell commands. One of the worser-case scenarios:

all:
    find / | xargs rm -rf

“But Mike,” I hear you exclaim, “as long as you run it as your own unprivileged user vs. root, it won’t destroy the entire system.” That’s terrific news; the easily replaced Linux base system would be safe. So what about running the build process as a heretofore non-existent user (something other than ‘nobody’ since a standard Linux box is going to have files owned by him)? Random shell commands could still, for example, read world-readable files and transmit them offsite. What kind of files? I’m not interested in the fine details, it’s still a security hole.

So there is the possibility of switching to the unknown user in its own chroot’d shell. Ideally, this environment would:

  • prohibit network access (setup process gets the fresh SVN tree before entering chroot shell)
  • have access to various build tools

I guess what I’m wondering is: Have these problems already been solved? Are there open source projects that already provide good solutions to these problems? Otherwise, I already know it’s a lot of work to set up such a chroot environment (and I have no idea how to prohibit network access for a particular user).
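One way to arrange the build cycle and the chroot-without-network environment described above, as an added example that is not from the original post. It relies on a Linux network namespace (util-linux `unshare --net`) and GNU `chroot --userspec`, neither of which the post mentions; the user name `ffbuild`, the jail path, the log directory and the `SVN_URL` placeholder are assumptions.

```sh
#!/bin/sh
# Added example (not the author's script). Run as root: unshare --net and chroot
# both need it. Assumed names: user "ffbuild", a jail at /srv/ffbuild-jail that
# already holds /bin/sh and the build tools, and SVN_URL (placeholder).
BUILD_USER=${BUILD_USER:-ffbuild}
JAIL=${JAIL:-/srv/ffbuild-jail}
LOGDIR=${LOGDIR:-/var/log/ffbuild}
SVN_URL=${SVN_URL:-REPLACE-WITH-REPOSITORY-URL}
CONFIGURE_OPTS=${CONFIGURE_OPTS:-}   # compiler and module options go here
DRYRUN=${DRYRUN:-}                   # DRYRUN=echo prints commands, runs nothing

# Network is still reachable here: fetch the tree, then hand it to the build user.
fetch_tree() {
    $DRYRUN rm -rf "${JAIL:?}/src" &&
    $DRYRUN svn checkout -q "$SVN_URL" "$JAIL/src" &&
    $DRYRUN chown -R "$BUILD_USER:$BUILD_USER" "$JAIL/src"
}

# Run one command line inside the jail with a scrubbed environment, a fresh
# network namespace (only a downed loopback), and the build user's uid/gid.
in_sandbox() {
    $DRYRUN env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin \
        unshare --net -- chroot --userspec="$BUILD_USER:$BUILD_USER" \
        "$JAIL" /bin/sh -c "cd /src && $1"
}

# Send a step's stdout and stderr to separate files; return the step's status.
run_step() {
    step=$1; shift
    "$@" >"$LOGDIR/$step.stdout" 2>"$LOGDIR/$step.stderr"
}

# One build cycle. status.txt is the only file meant for publishing, and it is
# written out here, outside the sandbox.
build() {
    mkdir -p "$LOGDIR" || return 1
    status=ok
    run_step fetch fetch_tree &&
    run_step configure in_sandbox "./configure $CONFIGURE_OPTS" &&
    run_step make in_sandbox make || status="failed at $step"
    echo "$(date -u +%Y-%m-%dT%H:%MZ) $status" >"$LOGDIR/status.txt"
    [ "$status" = ok ]
}

if [ "${1:-}" = run ]; then build; fi
```

Setting `DRYRUN=echo` shows the exact commands without needing root. The jail should hold no setuid binaries and no copies of host files worth reading, because the dropped privileges are what keep the build user inside the chroot.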

Parallels

When you exercise at the gym you see people who are likely just starting with the whole workout thing. Some may have been motivated by realizing that their bodies were not going to last much longer if they didn’t make some major lifestyle changes. Achieving good health is not a state that an unhealthy person can attain overnight. Maintaining good health over the long term requires ongoing discipline.

To tie this into multimedia and open source, I think it’s really fortunate that there has been a talented community of hackers working on open source multimedia playback and encoding solutions for so long. Can you imagine where the open source community would have been in terms of multimedia support if people had just started working on the problem this year? There’s a huge legacy of multimedia formats to support. I mean, the guru does amazing work, but imagine if he only started the effort sometime this year and largely worked on his own. To have to start now would be tantamount to the 350 lb (160 kg) fellow at the gym starting down his long, painful road. Thankfully, the community is more equivalent to a long-time regular gym patron and body builder.

I just think it’s a good situation to be in. I shudder when I think what would have happened if open source multimedia playback solutions had been neglected for so long that the community didn’t have the technical knowledge to support its own.