[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lilypond via web interface: security considerations
From: |
Mike Blackstock |
Subject: |
Re: lilypond via web interface: security considerations |
Date: |
Thu, 21 May 2009 14:47:54 -0400 |
No problem; if you do implement a chroot jail, the Sessink kit will make it relatively painless.
Of course, 'security' is relative - nothing will stop a commited hacker who's targeted your system, so I'm a bit
mystified by some of the other responses here. The original question was how to prevent people from executing
arbitrary commands that may remove important system files. The answer is install the jail and limit what's
in your bin directories. That'll stop the 'kiddie' hackers, which is probably what you want to do.
Cheers,
Mike
On Wed, May 20, 2009 at 5:37 AM, Alex
<address@hidden> wrote:
Hi Mike,
thanks for your helpful input. I'm familiar with chroot jails but haven't implemented one before. Not seen jailkit before - thanks for that.
I've had a look through the devel and user archives at security mentions. I found out about the safe option but need to dig further, and do some reading etc.
Given my experience at coding around lilypond (i.e. none), I'm not the ideal person to be looking at effecting safe mode, at least, not solo. If anyone with more experience is willing to guide a little, I'm willing to have a look at it (I mean, in the context of actually trying to make changes acceptable to code base proper).
Anyway, will have a look in the archives again...
thanks!
lex
- Re: lilypond via web interface: security considerations, (continued)
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/19
- Re: lilypond via web interface: security considerations, Daniel Hulme, 2009/05/20
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/20
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations, Matthias Kilian, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations, Han-Wen Nienhuys, 2009/05/21
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations,
Mike Blackstock <=
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/22
- Re: lilypond via web interface: security considerations, Alex, 2009/05/22
- Re: lilypond via web interface: security considerations, Hans Aberg, 2009/05/22
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/22