Re: Prototype Frescobaldi in the browser

[Jean Abou Samra]

Le 08/08/2022 à 19:02, William a écrit :
> I’d like to say something else about this web application that OP should keep 
> in mind, in case others haven’t brought this up yet. As all of us know, 
> lilypond includes many features that are designed to be helpful for users who 
> know what they are doing but could be quite dangerous if malicious code is 
> parsed, such as the ability to read other files or run system commands. Are you 
> planning to run lilypond inside a chroot jail and/or in safe mode? Because safe 
> mode clamps down on a lot of the more extended functionality such as scheme 
> extensions and even other things such as #(set-global-staff-size).
>
> I guess copying how lilybin et Al handle this will be fine.



Do not use safe mode. It is not truly safe, and going to be entirely
removed in version 2.23.12
(see https://gitlab.com/lilypond/lilypond/-/merge_requests/1522).

Instead, use an external program to sandbox processes, for example
Firejail. LilyPond also has a --jail option predating more modern
sandboxing solutions, but it is recommended to use something else
these days because the slightest mistake in the way --jail is set
up can make it vulnerable. That said, when set up correctly, --jail
is as safe as Firejail or such (namely a lot safer than safe mode).

Best,
Jean