chroot/setuid for lilypond (for LSR)

From: Sebastiano Vigna
Subject: chroot/setuid for lilypond (for LSR)
Date: Thu, 24 Feb 2005 02:29:37 +0100

Dear developers,
after some study it appears that the simplest way to run Lilypond safely
in full mode requires a simple patch to the source. If anybody can
provide me a source RPM for Fedora Core 3 I'll do it by myself, but it
would be interesting if the required features could make it into
Lilypond 2.5 (if they seem reasonable).

The idea is to have two command-line options, --chroot and --setuid, that
allow one to chroot and setuid lily *after* it has been started. By
chroot'ing after startup we avoid all problems related to library
loading, and by using a noexec-mounted directory it will be impossible
to execute binaries.

Depending on when lily loads external files (e.g., before actually
processing the code or during the compilation) it could even be possible
at that point to chroot into an empty directory, or just set up some
hard links.

It should be just a matter of adding a couple of lines to handle the two
new options, but I'd prefer to patch a working source RPM rather than
building lily from scratch.

Thank you!
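
The sequence the message proposes (start normally, then chroot and give up root before processing input), written out as an added C example; it is not LilyPond code and not part of the original post. The `confine` helper, its return codes and the command-line form are hypothetical, and it assumes the process starts as root and has already loaded or opened everything it needs from outside the jail.

```c
#define _DEFAULT_SOURCE 1   /* expose chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not LilyPond code: 0 on success, else the failed step. */
enum { CONFINE_OK = 0, CONFINE_BAD_ARG = -1, CONFINE_CHDIR = -2,
       CONFINE_CHROOT = -3, CONFINE_GROUPS = -4, CONFINE_GID = -5,
       CONFINE_UID = -6, CONFINE_NOT_DROPPED = -7 };

int confine(const char *jail, uid_t uid, gid_t gid)
{
    /* Staying root would leave the process able to leave the chroot. */
    if (jail == NULL || uid == 0 || gid == 0)
        return CONFINE_BAD_ARG;
    /* Enter the directory, then make it the root, so the working
     * directory never points outside the new root. */
    if (chdir(jail) != 0)
        return CONFINE_CHDIR;
    if (chroot(".") != 0)           /* needs root / CAP_SYS_CHROOT */
        return CONFINE_CHROOT;
    /* Order matters: supplementary groups, then gid, then uid; after
     * setuid() the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0)
        return CONFINE_GROUPS;
    if (setgid(gid) != 0)
        return CONFINE_GID;
    if (setuid(uid) != 0)
        return CONFINE_UID;
    /* Check that the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return CONFINE_NOT_DROPPED;
    return CONFINE_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s JAIL UID GID\n", argv[0]);
        return 2;
    }
    int rc = confine(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (rc != CONFINE_OK) {
        fprintf(stderr, "confine failed at step %d\n", rc);
        return 1;                   /* never continue unconfined */
    }
    puts("confined: untrusted input would be processed from here");
    return 0;
}
```

Every step is checked because a failed `chroot()` or `setuid()` that goes unnoticed leaves the process running unconfined as root.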


