On 08/08/2022 at 19:02, William wrote:
> I’d like to say something else about this web application that OP should keep
> in mind, in case others haven’t brought this up yet. As all of us know,
> lilypond includes many features that are designed to be helpful for users who
> know what they are doing but could be quite dangerous if malicious code is
> parsed, such as the ability to read other files or run system commands. Are you
> planning to run lilypond inside a chroot jail and/or in safe mode? Because safe
> mode clamps down on a lot of the more extended functionality such as scheme
> extensions and even other things such as #(set-global-staff-size).
> I guess copying how lilybin et al. handle this will be fine.

Do not use safe mode. It is not truly safe, and is going to be entirely
removed in version 2.23.12
(see https://gitlab.com/lilypond/lilypond/-/merge_requests/1522).
Instead, use an external program to sandbox processes, for example
Firejail. LilyPond also has a --jail option predating more modern
sandboxing solutions, but it is recommended to use something else
these days because the slightest mistake in the way --jail is set
up can make it vulnerable. That said, when set up correctly, --jail
is as safe as Firejail or such (namely a lot safer than safe mode).
Best,
Jean
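
The Firejail approach recommended above, sketched as a wrapper a web service could call once per submitted file. This is an added example, not part of the original message or of LilyPond; the function name, the scratch-directory layout and the limit values are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes firejail and lilypond are on PATH.
FIREJAIL=${FIREJAIL:-firejail}   # overridable, e.g. to dry-run the wrapper
LILYPOND=${LILYPOND:-lilypond}

# render_untrusted INPUT.ly OUTDIR: compile one untrusted file, copy out the PDF.
render_untrusted() {
    src=$1; outdir=$2
    [ -f "$src" ] || { echo "no such input: $src" >&2; return 2; }

    # One scratch directory per job. Firejail mounts it as the sandbox's home,
    # so the job sees neither the real home nor the files of other jobs.
    job=$(mktemp -d) || return 1
    cp -- "$src" "$job/input.ly" || { rm -rf "$job"; return 1; }

    # The limits below (file size, timeout) are illustrative values.
    "$FIREJAIL" --quiet \
        --private="$job" --private-tmp --private-dev \
        --net=none \
        --caps.drop=all --nonewprivs --noroot --seccomp \
        --rlimit-fsize=50000000 --timeout=00:01:00 \
        "$LILYPOND" -o "$HOME/output" "$HOME/input.ly"
    status=$?

    # Only the expected artifact leaves the scratch directory, and only if it
    # is a regular file: a symlink planted by the job must not be followed.
    if [ "$status" -eq 0 ]; then
        if [ -f "$job/output.pdf" ] && [ ! -L "$job/output.pdf" ]; then
            mkdir -p "$outdir" && cp -- "$job/output.pdf" "$outdir/output.pdf"
            status=$?
        else
            status=1
        fi
    fi
    rm -rf "$job"
    return "$status"
}
```

The input and output paths are given under `$HOME` because `--private=DIR` makes DIR the home directory inside the sandbox.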