I admit that I only tested getcwd, but doesn't a jail normally report the main dir as / rather than /home/lily ?
... hmm, ok, apparently not. Ok, it might be safe after all. At least, my earlier investigations were flawed, and I'm not keen to continue snooping around. - Graham On Wed, Mar 10, 2010 at 09:29:59PM -0300, Han-Wen Nienhuys wrote: > this is what weblily wrote to me a couple of weeks ago. > > ** > Hi Han-Wen, > > I've continued to work on weblily.net. Now it looks to me almost like > something useful. Of cource, I've taken your advice and now LilyPond > is running in a jail. > > Quite cool: I modified the notation reference: When you click on one > of the examples, it will be opened in weblily.net's editor. > > Cheers, > > Weblily > ** > > On Wed, Mar 10, 2010 at 5:21 PM, Graham Percival > <gra...@percival-music.ca> wrote: > > Mr. Weblily, > > > > I like your enthusiasm with your weblily project, but for Mao's > > sake please learn something about computer security. The current > > website is completely insecure. > > > > This is not a theoretical concern. It would take me approximately > > two minutes to delete everything in your /home/lily/ directory -- > > not just material in /home/lily/scores/. > > > > > > I wouldn't do this, of course -- but if a non-expert like me could > > do this so quickly, I'm certain that an experienced and malicious > > hacker could do far worse. Such as taking over your machine and > > using it to attack other websites, distributing child porn, or > > whatever. > > > > If you want to continue to run your project without any regard for > > security, that's your business, but I want it understood that > > YOU HAVE COMPLETELY DISREGARDED ALL COMMON SENSE AND HAVE NOT READ > > THE MATERIAL ABOUT SECURITY IN OUR DOCUMENTATION. YOU RUN > > LILYPOND IN THIS FASHION COMPLETELY AT YOUR OWN RISK, AND IF THE > > GERMAN EQUIVALENT OF THE FBI COMES KNOCKING ON YOUR DOOR ASKING > > WHY YOU ARE DISTRIBUTING RIPS OF HOLLYWOOD MOVIES OR PIRATED > > COMMERCIAL SOFTWARE, YOU CANNOT BLAME LILYPOND. > > > > The internet is not a playground. If you're going to hand > > complete control over your server to other people, you might not > > like the consequences. > > > > - Graham Percival > > > > > > _______________________________________________ > > lilypond-devel mailing list > > lilypond-devel@gnu.org > > http://lists.gnu.org/mailman/listinfo/lilypond-devel > > > > > > -- > Han-Wen Nienhuys - han...@xs4all.nl - http://www.xs4all.nl/~hanwen _______________________________________________ lilypond-devel mailing list lilypond-devel@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-devel
