Re: Lilypond security

lilypond-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lilypond security

From:	Graham Percival
Subject:	Re: Lilypond security
Date:	Thu, 04 Dec 2003 14:14:12 -0800

On Tue, 02 Dec 2003 11:44:21 -0700 (MST)
John Williams <address@hidden> wrote:
> For example, if I download a .ly file from somewhere,
> has any effort been made to prevent that file from
> doing something bad to my system?  For example,
> executing arbitrary scheme code which will erase my
> filesystem.

A quick glance at the .ly file should be sufficient to notice
if they use any scheme -- at least for a small file.  Of course,
somebody with malicious intent would make the scheme hard to spot...

I don't think that scheme can erase your filesystem, unless you're
running it under root -- your normal user doesn't have the permission
to damage the filesystem.  Of course, it could still delete all your
user's data files.

You could run unknown .ly files as another user (make an account
only to be used for potentially unsafe things), or compile the .ly file
inside a chroot jail.

Cheers,
- Graham

[Prev in Thread]

Current Thread

[Next in Thread]

Lilypond security, John Williams, 2003/12/02
- Re: Lilypond security, Jan Nieuwenhuizen, 2003/12/03
- Re: Lilypond security, Graham Percival <=

Prev by Date: Re: Help in setting up music fragments in LaTeX
Next by Date: Re: file names nonsense
Previous by thread: Re: Lilypond security
Next by thread: Votre abonnement à la liste I3tv a été ré silié
Index(es):
- Date
- Thread