|
From: | Robert Hickman |
Subject: | Re: LilyPond in a CMS [was: Re: Defining custom symbols] |
Date: | Sun, 15 Apr 2018 12:25:02 +0100 |
Thanks, -dsafe looks like the simplest to use but 'In addition, safe mode disallows \include' which I need to use the symbol file. Is it sufficient to concatenate the symbol file at the beginning of the user code?
Am 15.04.2018 um 12:41 schrieb Robert Hickman:
Second thought: (see my previous, sorry about double posting).
What are the risks of integrating lillypond into a CMS from a security perspective, does it allow you to run shell commands for instance? I will not be exposing this publicly, just to the admin interface only I use. I like to know what exploits anything I use could expose howeaver.
Have a look at the options --jail and -dsafe at http://lilypond.org/doc/v2.19/Documentation/usage-big-page.h tml
_______________________________________________
lilypond-user mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/lilypond-user
[Prev in Thread] | Current Thread | [Next in Thread] |