Skip navigation

Monthly Archives: September 2013

Input sanitation is important

A simple PHP script to display which data filtering functions are available with your version. When used properly these can help protect against certain web based attacks such as XSS, and helps perform simple input validation.

<?php ob_start();

$filters = '<h1>Data Filters</h1><table><tr>'
    . '<td><strong>Filter ID</strong></td>'
    . '<td><strong>Filter Name</strong></td></tr>';

foreach(filter_list() as $id =>$filter) {
    $filters .= '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
}
$filters .= '</table>';
echo $filters;
ob_flush();
?>

SELinux and ffmpeg on Fedora Linux

Ran into this during an upgrade of a personal media server upgrade. I have a user who requires a low bandwidth stream for her music, as some of her library is in flac this becomes problematic. Previously I had used the flac library in conjunction with lame to transcode the flac file to mp3 upon request, cached it locally during the push and then discard the data. Now I’m using ffmpeg, which uses many of the same libraries though makes configuration easier. On Fedora however, one of the SELinux contexts on a child library in incorrect, causing Ampache to report:

ffmpeg: error while loading shared libraries: /lib/swresample.so.0: cannot restore segment prot after reloc: Permission Denied

That just smelled like an SElinux denial, so a little research led me to a solution -a very similar solution I had come to during an mySQL compile last week, so I’m writing this one down.

sudo chcon -t textrel_shlib_t /lib/swresample.so.0

Fixed. This should be rolled into a policy so that it survives a re-label.