Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
bethekidyouwant 8 hours ago

How does the browser use it ?unless they mean there’s a zero day in libavcodec

fpoling 8 hours ago | parent | next [-]

Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox

Another option is WASM or WASM-style sandboxes if using another process is undesirable.

johnnythunder 8 hours ago | parent [-]

One chained sandbox escape away from compromise.

ttoinou 7 hours ago | parent | next [-]

Ahah

But are the compiler+OS that runs the ffmpeg executable really a sandbox ?

loeg 7 hours ago | parent | prev [-]

Which is of course better than zero sandbox escapes.

8 hours ago | parent | prev [-]
[deleted]