Am 23.11.2017 um 10:23 schrieb David Kastrup:
Stupid question: what does run-editor do to be inherently safer than run-browser, and what would prevent run-browser from doing the same?
Your suspicion is correct. Also textedit URIs are vulnerable to a very similar attack. So EVERYBODY should completely disable (delete/rename) lilypond-invoke-editor for now. Knut _______________________________________________ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
