lilypond-devel
[Top][All Lists]

## Re: lilypond & wikipedia

 From: Graham Percival Subject: Re: lilypond & wikipedia Date: Mon, 2 Feb 2009 08:51:12 +0800 User-agent: Mutt/1.5.18 (2008-05-17)

On Mon, Feb 02, 2009 at 12:26:02AM +0100, Werner LEMBERG wrote:
>
> Tim Starling, one of the main wikipeda software developers,  says:
>
>   My understanding is that
>
>   a) safe mode is not secure, being trivially DoS-able by short
>      infinite loop scripts

As it currently stands, yes.

>   b) safe mode will not work for many of the free scores available on
>      the web

Depends what you mean by "will not work".  Almost every score (or
perhaps even *every* score) can be produced without any scheme.
Whether or not most current free .ly files use (or do not use) any
scheme is a separate question.

>   The problems with LilyPond are sufficiently severe that I have, from
>   time to time, researched alternative music renderers such as
>   Philip's Music Writer that don't have an embedded scripting
>   language.
>
> Anyone who can shed more light on the raised issues?

I doubt I can explain anything technical about lilypond that you
don't already know, but from an organizational standpoint I can
say this: if there's sufficient interest, it could be done.

Assign two Frogs to the task:
- one person ensures that lilypond input without **any** scheme
will always end in a reasonable amount of time.
- one person modifies --safe.  I'm sure that we can whitelist a
few more commands (IIRC changing the paper size is not "safe").
But we'll certainly need to remove much of the more basic stuff.

Part of the --safe job might be to add more predefined scheme to
our predefined tweaks (similar to the "lilypond elegance" stuff).
For example, generic loops would need to go from --safe, so this
would eliminate many tweaks.  But if we added a
#(for-all-notes-in-expression ...) function, *and* ensured that
this function couldn't call itself, we might be able to keep some
chunk of functionality while being more secure.

Then again, we can use a lot of resources just by doing:
\repeat 1234567789 { c''''8. c,,,,,16 \times 2/3{ c cis cisis } c2 }

Maybe we could insist that --safe only produces 1 page of score?
... trying to keep lilypond within certain CPU-time limits is
going to be hard.  :(

Cheers,
- Graham