Re: lilypond via web interface: security considerations

[Mike Blackstock]

No problem; if you do implement a chroot jail, the Sessink kit will make it relatively painless.

 

Of course, 'security' is relative - nothing will stop a commited hacker who's targeted your system, so I'm a bit

mystified by some of the other responses here. The original question was how to prevent people from executing

arbitrary commands that may remove important system files. The answer is install the jail and limit what's

in your bin directories. That'll stop the 'kiddie' hackers, which is probably what you want to do.

 

Cheers,

Mike

 

 

 

 

 

 

 

 

 

 

On Wed, May 20, 2009 at 5:37 AM, Alex <address@hidden> wrote:

Mike Blackstock wrote:

 

Hi Mike,
thanks for your helpful input. I'm familiar with chroot jails but haven't implemented one before. Not seen jailkit before - thanks for that.

I've had a look through the devel and user archives at security mentions. I found out about the safe option but need to dig further, and do some reading etc.

Given my experience at coding around lilypond (i.e. none), I'm not the ideal person to be looking at effecting safe mode, at least, not solo. If anyone with more experience is willing to guide a little, I'm willing to have a look at it (I mean, in the context of actually trying to make changes acceptable to code base proper).

Anyway, will have a look in the archives again...

thanks!
lex