On Sun, 2005-03-06 at 21:44 +0100, Han-Wen Nienhuys wrote:
> The patch is in.
> It should still be documented. Maybe you can work this out with
> Graham?
OK. Graham, do you think you can give me the piece of texinfo source (it
is my understanding that the manual is in texinfo) with the descriptio
[EMAIL PROTECTED] writes:
> On Sun, 2005-03-06 at 00:04 +0100, Han-Wen Nienhuys wrote:
>
> > If you resend with this change, I will apply the patch.
> >
>
> Here it is.
The patch is in.
It should still be documented. Maybe you can work this out with
Graham?
--
Han-Wen Nienhuys | [EMAIL
[EMAIL PROTECTED] writes:
> On Sun, 2005-03-06 at 00:04 +0100, Han-Wen Nienhuys wrote:
>
> > If you resend with this change, I will apply the patch.
> >
>
> Here it is.
Cool!
BTW, Most of the fragments in input/test/ show nonstandard things. So,
when searching for "transpose", you get smart-t
On Sun, 2005-03-06 at 00:04 +0100, Han-Wen Nienhuys wrote:
> If you resend with this change, I will apply the patch.
>
Here it is.
--
Ciao,
seba
--- lilypond-2.4.4/lily/main.cc 2004-11-04 17:46:43.0 +0100
+++ lilypond-2.4.4-patched/lily/main.cc 2
[EMAIL PROTECTED] writes:
> > with indices and memory management.
>
> OK, this patch is redone using String and String_convert.
>
> Note that I'm including 5 new UNIX standard includes. I don't know if
> this has an effect on portability, or if this needs configure
> tweaking...
>
> For testing
On Sat, 2005-03-05 at 12:09 +0100, Han-Wen Nienhuys wrote:
> Following up on Jan, this would be strdup(jail_spec), but can you
> use our String library? It's immune to all kinds of coding errors
> with indices and memory management.
OK, this patch is redone using String and String_convert.
Note
On Sat, 2005-03-05 at 12:09 +0100, Han-Wen Nienhuys wrote:
> Following up on Jan, this would be strdup(jail_spec), but can you
> use our String library? It's immune to all kinds of coding errors
> with indices and memory management.
OK. Note that strdup is not ANSI/ISO, which is why I never use
[EMAIL PROTECTED] writes:
> +do_chroot_jail ()
> +{
> + /* Now we chroot, setuid/setgrp and chdir. If something goes wrong, we
> exit (this is a
> + security-sensitive area). First we split jail_spec into its components,
> then we
> + retrieve the user/group id (necessarily *before* chro
[EMAIL PROTECTED] writes:
> On Fri, 2005-03-04 at 20:33 +0100, Han-Wen Nienhuys wrote:
>
> > don't use the TeX backend. Starting with 2.6 (release will be
> > soonish), this backend is not officially endorsed anymore.
>
> But will the "lowest-level" backend be self-contained? I.e., will there
> b
Sebastiano Vigna writes:
> This new version should make everybody happy.
> + char *group_name = strpbrk (user_name, ",");
> + if (! group_name)
> + char *jail = strpbrk(group_name, ",");
> + if (! jail)
I suspect this can be written a bit more elegant using
string_convert::split ()(flower/s
On Fri, 2005-03-04 at 20:49 +0100, Han-Wen Nienhuys wrote:
>
> Style nitpicks:[...]
This new version should make everybody happy.
Do you think this stuff can make it to 2.6?
--
Ciao,
seba
--- lilypond-2.4.4/lily/main.cc 2004-11-04 17:46:43.0 +01
On Fri, 2005-03-04 at 13:56 -0500, Paul Jarc wrote:
> Sebastiano Vigna <[EMAIL PROTECTED]> wrote:
> I'd suggest:
> if (change_root) {
> if (chdir(change_root) || chroot(".")) {
>
> Otherwise, you might use -c alone and be misled into thinking you're
> safer than you really are. This also makes
[EMAIL PROTECTED] writes:
>
> On 4-Mar-05, at 11:33 AM, Han-Wen Nienhuys wrote:
> > don't use the TeX backend. Starting with 2.6 (release will be
> > soonish), this backend is not officially endorsed anymore.
>
> Does that change anything for lilypond-book?
No, not really. lilypond-book now sim
On 4-Mar-05, at 11:33 AM, Han-Wen Nienhuys wrote:
don't use the TeX backend. Starting with 2.6 (release will be
soonish), this backend is not officially endorsed anymore.
Does that change anything for lilypond-book?
- Graham
___
lilypond-devel mailing li
[EMAIL PROTECTED] writes:
>exit (2);
> }
>
> + /* Now we chroot, setuid/setgrp and chdir. If something goes wrong, we
> exit (this is a
> + security-sensitive area). */
> +
> + /* We must retrieve the user/group id *before* chroot'ing! */
> + int uid, gid;
Style nitpicks:
[EMAIL PROTECTED] writes:
> Whoops, I forgot one important aspect.
>
> Presently, the whole thing works for compiling *with the --tex option*.
> I have not yet explored the possibility of having a larger set of the
> compilation process carried out, but this seems to me a minor problem,
> as I thi
Whoops, I forgot one important aspect.
Presently, the whole thing works for compiling *with the --tex option*.
I have not yet explored the possibility of having a larger set of the
compilation process carried out, but this seems to me a minor problem,
as I think it is always possible to run the ot
Sebastiano Vigna <[EMAIL PROTECTED]> wrote:
> I think this is a satisfactory solution for people wanting to run lily
> on a server, with greater freedom than that provided by safe mode.
I agree - privilege limitations are already well covered and enforced
by the kernel. Better to reuse that well-
Dear developers,
I think I found a reasonable solution.
I'm including a patch for main.cc against the current stable release
(2.4.4). It adds new options
--set-user ('u')
--set-group ('g')
--chroot ('r')
--chdir ('d')
that allow one to first chroot, then setuid/setgrp, and finally chdir.
Using
On Sat, 2005-02-26 at 13:40 +0100, Han-Wen Nienhuys wrote:
> There is a RPM spec in the tarball
> (make/out/lilypond.fedora.spec). Due to GS issues, building the doc
> rpm doesn't work, but building the base program does
>
Apparently the packager forgot to include a build dependency on
fontforge
On Sat, 2005-02-26 at 13:40 +0100, Han-Wen Nienhuys wrote:
>
> I'm missing why you would need suid, but I'm not sure it will work. In
> any case, LilyPond needs to access contents of /usr/share/lilypond, so
> you will have to add those to the chroot jail. Also, I don't know if
> FontConfig and t
[EMAIL PROTECTED] writes:
> Dear developers,
> after some study it appears that the simplest way to run safely Lilypond
> in full mode requires some simple patch to the source. If anybody can
> provide me a source RPM for Fedora Core 3 I'll do it by myself, but it
> would be interesting if the requ
Dear developers,
after some study it appears that the simplest way to run safely Lilypond
in full mode requires some simple patch to the source. If anybody can
provide me a source RPM for Fedora Core 3 I'll do it by myself, but it
would be interesting if the required features could make it into
Lil
23 matches
Mail list logo
