[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lilypond security

From: Graham Percival
Subject: Re: Lilypond security
Date: Thu, 04 Dec 2003 14:14:12 -0800

On Tue, 02 Dec 2003 11:44:21 -0700 (MST)
John Williams <address@hidden> wrote:
> For example, if I download a .ly file from somewhere,
> has any effort been made to prevent that file from
> doing something bad to my system?  For example,
> executing arbitrary scheme code which will erase my
> filesystem.

A quick glance at the .ly file should be sufficient to notice
if they use any scheme -- at least for a small file.  Of course,
somebody with malicious intent would make the scheme hard to spot...

I don't think that scheme can erase your filesystem, unless you're
running it under root -- your normal user doesn't have the permission
to damage the filesystem.  Of course, it could still delete all your
user's data files.

You could run unknown .ly files as another user (make an account
only to be used for potentially unsafe things), or compile the .ly file
inside a chroot jail.

- Graham

reply via email to

[Prev in Thread] Current Thread [Next in Thread]