lilypond-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gs -dNOSAFER / windows

From: Knut Petersen
Subject: Re: gs -dNOSAFER / windows
Date: Fri, 1 Jun 2018 17:31:13 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 
Am 30.05.2018 um 13:34 schrieb Knut Petersen:

Am 30.05.2018 um 11:49 schrieb David Kastrup:

    -dSAFER, that is broken on windows.


So the question is: has that apparent group read permission problem (?)
been fixed in the last 13 years?

Unless somebody has a clue, I lean towards just trying this out and
waiting for problem reports.  At least we should know more or less what
to expect now.


We could add $lilypond-datadir/fonts/otf/ and $lilypond-datadir/ps to the
permitted gs resources on the gs command line. Or we explicitly allow all
the external fonts used in the document and always use -dSAFER.


As there is a limit of 2048 bytes for command line arguments in ghostscript and
I managed to hit that limit with experimental code I propose the following 
solution:

1. Never use -dSAFER and -dNOSAFER on the ghostscript command line.

2. No special handling of the gs / windows environment.

3. Always start a postscript file generated by lilypond with code like:

   %!PS-Adobe-3.0
   %%Creator: LilyPond 2.21.0
   %%Pages: 1
   %%PageOrder: Ascend
   %%Orientation: Portrait
   %%DocumentMedia: a4 595.28 841.89 80 () ()
   %%DocumentSuppliedResources: font Emmentaler-20
   %%DocumentSuppliedResources: font TeXGyreSchola-Regular
   %%EndComments
   %%BeginProlog

   << /PermitFileReading [
   
(/home/knut/sources/lilybuilt/share/lilypond/2.21.0/ps/music-drawing-routines.ps)
   (/home/knut/sources/lilybuilt/share/lilypond/2.21.0/ps/lilyponddefs.ps)
   
(/home/knut/sources/lilybuilt/share/lilypond/2.21.0/fonts/otf/emmentaler-11.otf)
   [... a lot of files omitted ...]
   (/usr/share/fonts/texlive-tex-gyre/texgyreschola-regular.otf)
   ] >> setuserparams .locksafe

That means we always give a list of all files the document needs (fonts, our 
helper files) to ghostscript
and then activate ghostscripts safe mode from within the postscript file.

As this could break usage of eps files that try to access external files and 
unsafe postscript code entered
via \markup \postscript I propose to add a command line option '--unsafe-ps' to 
allow a brave Fred Foobar
to use the full power of postscript.

Comments? Objections?

Knut
reply via email to
[Prev in Thread] Current Thread [Next in Thread]