[prev in list] [next in list] [prev in thread] [next in thread]
List: lilypond-devel
Subject: chroot/setuid for lilypond (for LSR)
From: Han-Wen Nienhuys <hanwen () xs4all ! nl>
Date: 2005-02-26 12:40:25
Message-ID: 16928.28217.301132.547268 () byrd ! xs4all ! nl
[Download RAW message or body]
vigna@dsi.unimi.it writes:
> Dear developers,
> after some study it appears that the simplest way to run safely Lilypond
> in full mode requires some simple patch to the source. If anybody can
> provide me a source RPM for Fedora Core 3 I'll do it by myself, but it
> would be interesting if the required features could make it into
> Lilypond 2.5 (if they seem reasonable).
>
> The idea is to have two command line option, --chroot and --setuid, that
> allow to chroot and setuid lily *after* it has been started. By
>
> chroot'ing after startup we avoid all problems related to library
> loading, and by using a noexec-mounted directory it will be impossible
> to execute binaries.
>
> Depending on when lily loads external files (e.g, before actually
> processing the code or during the compilation) it could be even possible
> at that point to chroot into an empty directory, or just set up some
> hard links.
I'm missing why you would need suid, but I'm not sure it will work. In
any case, LilyPond needs to access contents of /usr/share/lilypond, so
you will have to add those to the chroot jail. Also, I don't know if
FontConfig and the GUILE module system (needed by the backend) can be
run from inside a jail.
> It should be just a matter of adding a couple of lines to handle the two
> new options, but I'd prefer to patch a working source RPM rather than
> building lily from scratch.
There is a RPM spec in the tarball
(make/out/lilypond.fedora.spec). Due to GS issues, building the doc
rpm doesn't work, but building the base program does
--
Han-Wen Nienhuys | hanwen@xs4all.nl | http://www.xs4all.nl/~hanwen
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic