lilypond-devel
[Top][All Lists]

## Re: lilypond & wikipedia

 From: Johannes Schindelin Subject: Re: lilypond & wikipedia Date: Mon, 2 Feb 2009 02:21:24 +0100 (CET) User-agent: Alpine 1.00 (DEB 882 2007-12-20)

Hi,

On Mon, 2 Feb 2009, Graham Percival wrote:

> On Mon, Feb 02, 2009 at 12:26:02AM +0100, Werner LEMBERG wrote:
> >
> > Tim Starling, one of the main wikipeda software developers,  says:
> >
> >   My understanding is that
> >
> >   a) safe mode is not secure, being trivially DoS-able by short
> >      infinite loop scripts
>
> As it currently stands, yes.
>
> >   b) safe mode will not work for many of the free scores available on
> >      the web
>
> Depends what you mean by "will not work".  Almost every score (or
> perhaps even *every* score) can be produced without any scheme.
> Whether or not most current free .ly files use (or do not use) any
> scheme is a separate question.

I think that was part of the bad research Tim did that really upset me.

> >   The problems with LilyPond are sufficiently severe that I have, from
> >   time to time, researched alternative music renderers such as
> >   Philip's Music Writer that don't have an embedded scripting
> >   language.
> >
> > Anyone who can shed more light on the raised issues?
>
> I doubt I can explain anything technical about lilypond that you
> don't already know, but from an organizational standpoint I can
> say this: if there's sufficient interest, it could be done.
>
> Assign two Frogs to the task:
> - one person ensures that lilypond input without **any** scheme
>   will always end in a reasonable amount of time.
> - one person modifies --safe.  I'm sure that we can whitelist a
>   few more commands (IIRC changing the paper size is not "safe").
>   But we'll certainly need to remove much of the more basic stuff.
>
> Part of the --safe job might be to add more predefined scheme to
> our predefined tweaks (similar to the "lilypond elegance" stuff).
> For example, generic loops would need to go from --safe, so this
> would eliminate many tweaks.  But if we added a
> #(for-all-notes-in-expression ...) function, *and* ensured that
> this function couldn't call itself, we might be able to keep some
> chunk of functionality while being more secure.
>
>
>
> Then again, we can use a lot of resources just by doing:
>   \repeat 1234567789 { c''''8. c,,,,,16 \times 2/3{ c cis cisis } c2 }
>
> Maybe we could insist that --safe only produces 1 page of score?
> ... trying to keep lilypond within certain CPU-time limits is
> going to be hard.  :(

Right.  But we could add a simple timeout that says "if this fails to
terminate in 20 seconds, it errors _out_".  Likewise, we could have a
user-assignable (where the user would be LilyPond in this context) "nice"
value.

Ciao,
Dscho



reply via email to