upvote

points

by cubefox15 hours ago |
comments
upvoteby defrost15 hours ago|
[-]
What prevents running a data stream in, transcoded data out sandbox with no access to unlimited resources, system files, system stacks, etc.

It's okay for a sandbox to fall over due to bad inputs and poor memory security if it can just be restarted and move onto other streams.

reply
upvoteby ReactiveJelly14 hours ago|
parent|
next
[-]
I think Chromium already does sandbox ffmpeg in the renderer process because of their "Rule of Two": https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...

Thus:

1. Code which processes untrusted input

2. Code written in unsafe languages like C or C++

3. Code that runs without a sandbox

So ffmpeg should be sandboxed, same as the network code and GPU process are sandboxed.

reply
upvoteby defrost14 hours ago|
parent|
[-]
I completely agree, with regard for the GP's point about Android TV's with onboard ffmpeg libraries and Addon Apps that call on said libraries (or pull in their own) ..

Cheap arse low resource TVs should either include some form of sandboxing OR the entire device should be treated as a "can fall over" sandbox .. well isolated from any household LAN of consequence, etc.

It seems unlikely that BoxStore Brand Android TVs will be well designed with an eye to security so <shrug> they're an exercise for home net admin masochists and/or an opportunity to market sensible easy to use IoT age routers that come preconfigured to handle bad-device(s).

reply
upvoteby cubefox13 hours ago|
parent|
[-]
Am I getting this right, you expect TVs which are running Google TV (Android TV is the old name) to be less secure than TVs which are running a different operating system? I think the opposite is the case, because Google TV is developed by Google, which has a lot of experience with software security, while other TV operating systems are developed by companies which clearly don't have that experience.
reply
upvoteby defrost13 hours ago|
parent|
[-]
There are a lot of "Android like" TVs out there.
reply
upvoteby cubefox11 hours ago|
parent|
[-]
Those are running mainly on Google TV. Tizen or webOS are also common but are not based on Android.
reply
upvoteby mr_toad5 hours ago|
parent|
prev|
[-]
Most of them require hardware acceleration from the CPU or GPU and that can potentially be exploited to escape the sandbox. GPUs in particular are difficult to sandbox.
reply