Re: Prototype Frescobaldi in the browser
From: Jean Abou Samra
Subject: Re: Prototype Frescobaldi in the browser
Date: Mon, 8 Aug 2022 19:24:17 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
On 08/08/2022 at 19:02, William wrote:
> I’d like to say something else about this web application that OP should keep
> in mind, in case others haven’t brought this up yet. As all of us know,
> lilypond includes many features that are designed to be helpful for users who
> know what they are doing but could be quite dangerous if malicious code is
> parsed, such as the ability to read other files or run system commands. Are you
> planning to run lilypond inside a chroot jail and/or in safe mode? Because safe
> mode clamps down on a lot of the more extended functionality such as scheme
> extensions and even other things such as #(set-global-staff-size).
> I guess copying how lilybin et al. handle this will be fine.
Do not use safe mode. It is not truly safe, and is going to be entirely
removed in version 2.23.12
(see https://gitlab.com/lilypond/lilypond/-/merge_requests/1522).
Instead, use an external program to sandbox processes, for example
Firejail. LilyPond also has a --jail option predating more modern
sandboxing solutions, but it is recommended to use something else
these days because the slightest mistake in the way --jail is set
up can make it vulnerable. That said, when set up correctly, --jail
is as safe as Firejail or such (namely a lot safer than safe mode).
Best,
Jean
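
An added example, not part of the original message and not code from LilyPond, Frescobaldi or lilybin: one way a web backend could run user-submitted LilyPond input under Firejail, as recommended above, instead of relying on safe mode. The `jobs_root` directory, the `score.ly`/`score.pdf` names, the size limit and the resource limits are assumptions chosen for illustration.

```python
import subprocess
import tempfile
from pathlib import Path

MAX_SOURCE_BYTES = 256 * 1024  # constructed limit for this example


def build_sandboxed_command(job_dir: Path) -> list[str]:
    """argv that compiles job_dir/score.ly with LilyPond inside Firejail."""
    return [
        "firejail", "--quiet",
        f"--private={job_dir}",     # job_dir is mounted as the only home directory
        "--private-cwd",            # start in that home, not the caller's cwd
        "--private-tmp", "--private-dev",
        "--net=none",               # no network access from the sandbox
        "--caps.drop=all", "--seccomp", "--nonewprivs", "--noroot",
        "--rlimit-as=4294967296",   # 4 GiB address space (constructed value)
        "--rlimit-fsize=67108864",  # 64 MiB per written file (constructed value)
        "--timeout=00:01:00",       # Firejail stops the sandbox after one minute
        "--",
        # No -dsafe: the sandbox is the security boundary, not safe mode.
        "lilypond", "--pdf", "-dno-point-and-click", "--output=score", "score.ly",
    ]


def compile_untrusted(source: str, jobs_root: Path) -> bytes:
    """Compile user-submitted LilyPond source and return the PDF bytes."""
    data = source.encode("utf-8")
    if len(data) > MAX_SOURCE_BYTES:
        raise ValueError("LilyPond source too large")
    # One throwaway directory per job, so submissions never see each other.
    with tempfile.TemporaryDirectory(prefix="job-", dir=jobs_root) as tmp:
        job_dir = Path(tmp)
        (job_dir / "score.ly").write_bytes(data)
        result = subprocess.run(
            build_sandboxed_command(job_dir),
            cwd=job_dir, stdin=subprocess.DEVNULL,
            capture_output=True, timeout=90,  # backstop if Firejail's timer fails
        )
        pdf = job_dir / "score.pdf"
        # Accept only a regular file: the job could have left a symlink
        # named score.pdf that points somewhere outside job_dir.
        if result.returncode != 0 or pdf.is_symlink() or not pdf.is_file():
            raise RuntimeError(result.stderr.decode("utf-8", "replace")[-2000:])
        return pdf.read_bytes()
```

The output is read back on the host side, outside the sandbox, which is why the symlink check happens before `read_bytes()`.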