On 23/11/17 09:23, David Kastrup wrote:
> Knut Petersen <knut_peter...@t-online.de> writes:
> 
>> 12 years ago a security problem was introduced into lilypond-invoke-editor.
>> On 2017/11/15 the problem was reported to the bug-lilypond mailing
>> list by Gabriel Corona.
> 
> [...]
> 
>> If you do not know if you are affected:
>>
>> 1. locate lilypond-invoke-editor
>>
>> 2. Open lilypond-invoke-editor in your favorite text editor. Search for
>>
>>        (if (is-textedit-uri? uri)
>>          (run-editor uri)
>>          (run-browser uri)))))
>>
>> and replace it with
>>
>>        (if (is-textedit-uri? uri)
>>          (run-editor uri)))))
> 
> Stupid question: what does run-editor do to be inherently safer than
> run-browser, and what would prevent run-browser from doing the same?
> 
> The reason I am asking is that changing the semantics significantly
> before 2.20 is icky, yet we would not want to leave a security hole
> around we have been given notice of.
> 
> So the question is whether there would not be a sort-of trivial patchup
> of this preserving the original intent.
> 
> For the long haul, it's probably the right fix on GNU/Linux systems.  I
> just have no idea how this would affect other systems and possibly our
> installers.
> 
Just to make life hard, using "command -v lilypond-invoke-editor" turns
up a file in /usr/local/bin.  It is a symbolic link to
/usr/local/bin/lilypond-wrapper.guile.  That file is (truncating to
avoid wrapping):

#!/bin/sh
export PYTHONPATH= ...
export GUILE_LOAD_PATH= ...
export LD_LIBRARY_PATH= ...
me=`basename $0`
exec "/usr/local/lilypond/usr/bin/guile"  \
  -e main "/usr/local/lilypond/usr/bin/$me" "$@"

It is the file /usr/local/lilypond/usr/bin/lilypond-invoke-editor which
contains the statements above.

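
An added example, not part of the original message and not LilyPond's own code: POSIX sh functions that follow the wrapper form quoted above to the Guile script it actually runs, then report whether the run-browser fallback branch is still present. The function names (real_script, check_script, make_fixture) are hypothetical, the fixture is constructed, and the match is a heuristic based only on the snippet quoted in this thread.

```shell
#!/bin/sh
# Added example: find the real lilypond-invoke-editor behind the sh wrapper
# and check for the fallback branch quoted in this thread.

# Print the path of the Guile script that a found lilypond-invoke-editor runs.
# Handles a direct script and the wrapper form shown in the message above.
real_script() {
    found=$1
    # The wrapper execs guile on "<dir>/$me", where $me is the basename of $0.
    dir=$(sed -n 's|.*-e main "\(.*\)/\$me".*|\1|p' "$found" | head -n 1)
    if [ -n "$dir" ]; then
        printf '%s/%s\n' "$dir" "$(basename "$found")"
    else
        printf '%s\n' "$found"
    fi
}

# Print "affected" if a line starts with the call (run-browser uri), as in
# the quoted snippet, and "patched" otherwise. A line starting with (define
# does not match, so a remaining definition alone is not reported.
check_script() {
    if grep -Eq '^[[:space:]]*\(run-browser uri\)' "$1"; then
        echo affected
    else
        echo patched
    fi
}

# Constructed fixture (not a real installation): a wrapper symlinked under
# bin/ and a script body that still contains the fallback branch.
make_fixture() {
    root=$1
    mkdir -p "$root/bin" "$root/lilypond/usr/bin"
    printf '%s\n' '#!/bin/sh' 'me=`basename $0`' \
        "exec \"$root/lilypond/usr/bin/guile\"  \\" \
        "  -e main \"$root/lilypond/usr/bin/\$me\" \"\$@\"" \
        > "$root/bin/lilypond-wrapper.guile"
    ln -s lilypond-wrapper.guile "$root/bin/lilypond-invoke-editor"
    printf '%s\n' '(define (run-browser uri) #t)' \
        '      (if (is-textedit-uri? uri)' '        (run-editor uri)' \
        '        (run-browser uri)))))' \
        > "$root/lilypond/usr/bin/lilypond-invoke-editor"
}

# On a real system:
#   check_script "$(real_script "$(command -v lilypond-invoke-editor)")"
```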

_______________________________________________
lilypond-user mailing list
lilypond-user@gnu.org
https://lists.gnu.org/mailman/listinfo/lilypond-user
