[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lilypond via web interface: security considerations
From: |
Han-Wen Nienhuys |
Subject: |
Re: lilypond via web interface: security considerations |
Date: |
Thu, 21 May 2009 10:08:01 -0300 |
On Thu, May 21, 2009 at 8:38 AM, Matthias Kilian <address@hidden> wrote:
> On Thu, May 21, 2009 at 11:41:36AM +0100, Alex wrote:
>> Yeah, I've just been looking at safe-lily.scm which appears to filter
>> any given module against the safe funcs....
>> Also I saw the bit that bans include files when in safe mode.
>> So, the CPU style DoS attack aside, do the above two cover all known
>> vectors of attack?
>
> Who knows? You've to audit *all* functions allowed in safe-lily.scm.
> And you've to check every future change to those functions. I don't
> believe that such a safe mode will ever be enough to make a program
> really safe.
There is another option I discussed with Dscho; you could make an
--extra-safe mode, which reads the s-exps, but does not call GUILE's
eval. It should be feasible to replace the Scheme eval with a simpler
one (which does not call functions or macros). This would
significantly limit the attack possibilities.
--
Han-Wen Nienhuys - address@hidden - http://www.xs4all.nl/~hanwen
- Re: lilypond via web interface: security considerations, (continued)
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/19
- Re: lilypond via web interface: security considerations, Daniel Hulme, 2009/05/20
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/20
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations, Matthias Kilian, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations,
Han-Wen Nienhuys <=
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/21
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/22
- Re: lilypond via web interface: security considerations, Alex, 2009/05/22
- Re: lilypond via web interface: security considerations, Hans Aberg, 2009/05/22
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/22