Re: lilypond via web interface: security considerations

[Mike Blackstock]

Install Lilypond in its own chroot jail using Olivier Sessink's
jailkit available
at http://olivier.sessink.nl/jailkit/ A 'chroot jail' means putting Lilypond on
its own filesystem so that nefarious activity - such as deleting
arbitrary files -
will be limited to the Lilypond file system. Furthermore, you just limit
the number of utilities you put in the /bin directories; if you don't
have the 'rm'
command in there, then it can't be run, obviously.

This, and other measures, will give you a fairly secure system, if it's your
own server system and you have control over it. If it's a public system, I doubt
they'll let you do any of this, unless it's one of the VPS ('virtual
personal server')
systems out there. These will run you around $50 a month, and you get your
own root-accessible system that you can pretty much do what you want with.
The guy I'm gonna use for this tells me I can do pretty much anything, short
of recompiling the kernel ;)

Hope this helps - I did it myself last year so fire away if you have
any questions
after searching the archives.


Cheers,
Mike



> When you say that you know how to solve these issues - can you elaborate
> please? Do you mean in terms of the changes required to lilypond to
> enable a "locked down" mode, or something else?
> lex
>
>
>
>
> _______________________________________________
> lilypond-user mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/lilypond-user
>