[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WikiLily - a lilipond wiki
From: |
Graham Percival |
Subject: |
Re: WikiLily - a lilipond wiki |
Date: |
Wed, 30 Jul 2008 13:36:50 -0700 |
On Wed, 30 Jul 2008 10:26:27 -0400
Mike Blackstock <address@hidden> wrote:
> As for security breaches generally, I had a baptism by fire (see
> http://news.cnet.com/Amnesty-International-hacked/2100-1023-279275.html)
> so I
> keep my ear to the ground for that sort of thing. Unless you've heard
> something
> different, the wikitex-l archives, dating back to 2005, make no
> mention of security breaches with the system.
My point was simply that any website user can execute arbitrary
system command inside lilypond with #(system 'rm -rf ~'). Or
something like that; I can't remember the exact syntax. If you're
certain that your setup doesn't allow the "lilypond" user to
delete/modify anything that isn't strictly temporary, then all
well and good.
Cheers,
- Graham