On Thu, 2022-05-19 at 09:39 +0200, Jean Abou Samra wrote:
> On 19/05/2022 at 09:28, Jonas Hahnfeld via LilyPond user discussion wrote:
> > As you can see, the REPL itself works just fine. What does not work is
> > the REPL server because we disable all networking functionality in our
> > Guile build. Here I'm even more hesitant to change direction because
> > everything interfacing with network is security-sensitive...
>
> I am not understanding this concern given that we already give
> full control on the file system and the ability to run external
> commands ... ?

Which is all local and / or can be confined. If the official binaries allow opening arbitrary server ports and exposing REPLs, this opens the door for "shellcode" attacks. I don't want to see this happen by abusing LilyPond.

> If it's about the -dsafe mode, we can talk about that privately.

I don't see what should be talked about privately. If there is something to discuss, do it on the mailing list.