Dangerous compositions?

elkmoose's picture

Hello!

I was just wondering if there are certain compositions that can contain some kind of malicious code or be harmful in any way. I have been going through a few downloaded samples recently, mostly from these forums and QuartzCompositions.com and wondered if I should be more careful about running them or if it's even possible.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

cwright's picture
Re: Dangerous compositions?

(Please read this comment in its entirety)

Outside of QC (in Safari, in iTunes, in QuickTime, etc), QC runs in "safe mode", where possibly dangerous patches aren't loaded. Unsafe patches include patches that access your iSight, your Microphone, your MIDI devices, your filesystem, and possibly network access stuff.

Inside QC, safe mode is disabled, and all patches will operate as normal. This can be a little bit risky, but I've not seen anything malicious to date (at worst, someone could remotely send video or audio, or possibly video/image files to a remote server -- it would take ages to do this from within QC, but it's theoretically possible).

QC compositions do not contain executable code -- they're binary (or rarely xml) plists. The closest to executable code that they contain is CoreImage kernel code, GLSL shader code, and JavaScript -- the first two are very secure, as they have no notion of network access, file access, or anything. JavaScript's environment in QC is very limited -- it cannot manipulate files, or initiate network requests (that I'm aware of).

Here on kineme.net, we have issued some uncelebrated "safe-mode" hack plugins to make unsafe patches work in otherwise safe environments. This is to work around limitations in other applications (notably Keynote, QuickTime, and Modul8). These plugins do not enable unsafe patches in Safari (we deemed that too risky), for some added protection.

If a composition uses no plugins, it's almost certainly safe. the worst it can do is crash QC, or possibly crash your computer on Snow Leopard (a reboot would get you back in working order -- this is due to GPU driver bugs). If the composition uses plugins, it can be extraordinarily dangerous, or completely safe -- it just depends on who wrote the plugin. Our plugins have no known security exploits, and we code rather conservatively (only a handful of our plugins work in safe-mode). That's not saying it's impossible, or that we're extraordinarily good programmers, but we do try to consider malicious uses of our plugins, and make efforts to limit the damage that can be done. Plugins from other parties don't get audited by us, so we have no way of knowing whether or not they're safe.

To date, I've probably run several thousand compositions between Tiger, Leopard, and Snow Leopard. I've come across exactly zero malicious compositions that weren't crafted by myself (I make them sometimes as a proof-of-concept for bug reports). This can change in the future, but currently I wouldn't be too worried (you do have a Time Machine backup, right? :)

So, ultimately, the danger doesn't lie at all in the compositions, but lies in the plugins that are installed.

Hope that helps!

elkmoose's picture
Re: Dangerous compositions?

Thanks for the in-depth reply!