On Thu, May 21, 2009 at 11:41:36AM +0100, Alex wrote:
> Graham Percival wrote:
>> On Wed, May 20, 2009 at 10:42:28AM +0100, Alex wrote:
>>
>> This is what -dsafe does.  However, this disallows many useful
>> tweaks, and also doesn't stop a particular snippet from using
>> massive CPU resources.  To counteract a DOS attack, you'd need to
>> have a separate thread that kills the lilypond process if it takes
>> longer than X seconds.
>>
> Yeah, I've just been looking at safe-lily.scm which appears to filter
> any given module against the safe funcs....
> Also I saw the bit that bans include files when in safe mode.
> So, the CPU style DoS attack aside, do the above two cover all known
> vectors of attack?

I doubt it.  I'm pretty sure that safe mode allows loops, so you
could just write a four-line lilypond file which adds up numbers
in an infinite loop.  Boom, DOS.

Cheers,
- Graham
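
The watchdog suggested in the thread, as an added example that is not part of the original messages or of LilyPond: the parent enforces a wall-clock deadline and, going one step beyond the thread, also sets a kernel CPU-time limit on the child. The name `run_with_watchdog`, its parameters, the file name `input.ly` and the busy-loop stand-in are assumptions for illustration; POSIX only.

```python
import os
import resource
import signal
import subprocess
import sys

# Constructed stand-in for a looping input file, so the example runs
# without LilyPond installed.
BUSY_LOOP = [sys.executable, "-c", "while True: pass"]


def run_with_watchdog(argv, wall_seconds, cpu_seconds):
    """Run argv under a deadline; return (status, returncode).

    status is 'ok', 'failed', 'timeout' (wall clock) or 'cpu-limit'.
    """

    def limit_child():
        # Runs in the child between fork and exec. The kernel sends SIGXCPU
        # at the soft limit and SIGKILL at the hard limit, so a pure CPU
        # loop dies even if the parent watchdog itself is stuck.
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        cap = cpu_seconds + 1
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)  # an unprivileged process cannot raise it
        resource.setrlimit(resource.RLIMIT_CPU, (min(cpu_seconds, cap), cap))

    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        preexec_fn=limit_child,
        start_new_session=True,  # own process group: helpers are killed too
    )
    try:
        proc.wait(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # Wall-clock deadline passed (covers sleeping or I/O-bound hangs).
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()
        return ("timeout", proc.returncode)
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return ("cpu-limit", proc.returncode)
    return ("ok" if proc.returncode == 0 else "failed", proc.returncode)


if __name__ == "__main__":
    # Real use would look like (input.ly is a hypothetical file name):
    #   run_with_watchdog(["lilypond", "-dsafe", "input.ly"], 30, 20)
    print(run_with_watchdog(BUSY_LOOP, wall_seconds=20, cpu_seconds=1))
```
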