chroot/setuid for lilypond (for LSR)
From: Han-Wen Nienhuys
Subject: chroot/setuid for lilypond (for LSR)
Date: Sat, 26 Feb 2005 13:40:25 +0100
address@hidden writes:
> Dear developers,
> after some study it appears that the simplest way to run safely Lilypond
> in full mode requires some simple patch to the source. If anybody can
> provide me a source RPM for Fedora Core 3 I'll do it by myself, but it
> would be interesting if the required features could make it into
> Lilypond 2.5 (if they seem reasonable).
>
> The idea is to have two command line options, --chroot and --setuid, that
> allow to chroot and setuid lily *after* it has been started. By
> chroot'ing after startup we avoid all problems related to library
> loading, and by using a noexec-mounted directory it will be impossible
> to execute binaries.
>
> Depending on when lily loads external files (e.g, before actually
> processing the code or during the compilation) it could be even possible
> at that point to chroot into an empty directory, or just set up some
> hard links.
I'm missing why you would need suid, but I'm not sure it will work. In
any case, LilyPond needs to access contents of /usr/share/lilypond, so
you will have to add those to the chroot jail. Also, I don't know if
FontConfig and the GUILE module system (needed by the backend) can be
run from inside a jail.
> It should be just a matter of adding a couple of lines to handle the two
> new options, but I'd prefer to patch a working source RPM rather than
> building lily from scratch.
There is an RPM spec in the tarball
(make/out/lilypond.fedora.spec). Due to GS issues, building the doc
rpm doesn't work, but building the base program does.
--
Han-Wen Nienhuys | address@hidden | http://www.xs4all.nl/~hanwen
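
The chroot-then-setuid sequence discussed in this thread, as an added example in C (not code from the thread or from the LilyPond source). The function name enter_jail and the command-line arguments are hypothetical; the ordering of the calls is the point.

```c
/* Added example: chroot after startup, then give up root for good. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `dir` and switch to an unprivileged uid/gid.
 * Meant to be called once libraries and data files are already loaded.
 * Returns 0 on success, -1 on failure; on failure the caller must exit
 * rather than continue with partial confinement. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)      /* staying root defeats the jail */
        return -1;
    if (chroot(dir) != 0)          /* requires root (CAP_SYS_CHROOT) */
        return -1;
    if (chdir("/") != 0)           /* leave any cwd outside the new root */
        return -1;
    if (setgroups(0, NULL) != 0)   /* clear supplementary groups first */
        return -1;
    if (setgid(gid) != 0)          /* group before user: once the uid is */
        return -1;                 /* dropped, the gid can no longer change */
    if (setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)            /* root must not be recoverable */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* hypothetical usage: ./jail <jail-dir> <uid> <gid> */
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3])) != 0) {
        fprintf(stderr, "enter_jail failed, refusing to continue\n");
        return 1;
    }
    /* From here on, untrusted input would be processed inside the jail. */
    printf("jailed as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Every step is checked and the function fails closed, so a process that could not fully enter the jail never goes on to process untrusted input.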