Re: weblily: security risk

[Weblily]

Hi Graham,

thank your for sharing your thoughts about weblily.net. Of cource, 
security is a concern I have on my mind and I'd be happy to get into 
discussion with you and other knowledgable people on security issues. 
And I will do my very best notto fall prey to all those evil people out 
there, granted.Though I must confess, the tonality of your first e-mail 
did not really sound very inviting. But let's forget about that.

Please take into consideration: I am not a specialist on computer 
security and rather (sorry for that) only an enthusiast working with 
some fervour on his little project. But I'll happily listen to any good 
advice.

I would really like to know about security problems on weblily.net and 
would definitely work on overcoming them with the limited means I have.

To give some facts:
* weblily.net uses Liferay als portal software
* the editor runs as Liferay Web Content on the page 
http://weblily.net/web/guest/runlilypond
* the editor is a Google GWT application, i.e. JavaScript using GWT RPC 
to communicate with a java servlet hosted on the same Tomcat Liferay is 
running on
* the servlet runs as user tomcat
* LilyPond is called from the java servlet using the 
--jail=lily,lily,... option, i.e. runs as user lily
* Hopefully the user lily has write permission only for the 
/homel/lily/scores/ and the /tmp directory in the jail
* /home/lily/scores is visible as http://weblily.net/app/scores
* /tmp should not be visible from the outside at all, but who knows?
* other paths, like the permalink and template directories are not 
visible within the jail

A problem I do have are crashes and infinite loops of LilyPond. After 5 
such events you will get a "Server overloaded" message and it will take 
about 30 seconds before LilyPond will be running again. Of course, if 
too many people are working simultaneously on weblily.net this will 
result in the very same message.

Another message you might occasionally see is "Engraver error", this is 
a nice way of saying: "Servlet crashed" .

You, Jan and Han-Wen are invited to play around with weblily.net and to 
explore potential weaknesses as long as you will inform me as the  first 
person about problems you see and as logn as you will give me a chance 
of fixing it before you go public. And of course, your advice on how 
these problmes might be resolved is always welcome.

In the hope of providing a useful service to the LilyPond community,

Johannes

PS: I am currently preparing an article about weblily.net for the 
LilyPond Report. Maybe this can be a starting point for discussing ideas 
about how weblily.net might become a useful tool for the LilyPond community.

Am 11.03.2010 02:07, schrieb Graham Percival:
> I apologize for this email; I jumped to a false conclusion and
> made a baseless accusation.  I now have no reason to believe that
> weblily poses a risk.
>
> I'm sorry.
>
> - Graham Percival
>
>
> On Wed, Mar 10, 2010 at 08:21:24PM +0000, Graham Percival wrote:
>    
> > Mr. Weblily,
> >
> > I like your enthusiasm with your weblily project, but for Mao's
> > sake please learn something about computer security.  The current
> > website is completely insecure.
> >
> > This is not a theoretical concern.  It would take me approximately
> > two minutes to delete everything in your /home/lily/ directory --
> > not just material in /home/lily/scores/.
> >
> >
> > I wouldn't do this, of course -- but if a non-expert like me could
> > do this so quickly, I'm certain that an experienced and malicious
> > hacker could do far worse.  Such as taking over your machine and
> > using it to attack other websites, distributing child porn, or
> > whatever.
> >
> > If you want to continue to run your project without any regard for
> > security, that's your business, but I want it understood that
> > YOU HAVE COMPLETELY DISREGARDED ALL COMMON SENSE AND HAVE NOT READ
> > THE MATERIAL ABOUT SECURITY IN OUR DOCUMENTATION.  YOU RUN
> > LILYPOND IN THIS FASHION COMPLETELY AT YOUR OWN RISK, AND IF THE
> > GERMAN EQUIVALENT OF THE FBI COMES KNOCKING ON YOUR DOOR ASKING
> > WHY YOU ARE DISTRIBUTING RIPS OF HOLLYWOOD MOVIES OR PIRATED
> > COMMERCIAL SOFTWARE, YOU CANNOT BLAME LILYPOND.
> >
> > The internet is not a playground.  If you're going to hand
> > complete control over your server to other people, you might not
> > like the consequences.
> >
> > - Graham Percival
> >