Thanks, -dsafe looks like the simplest to use but 'In addition, safe mode
disallows \include' which I need to use the symbol file. Is it sufficient
to concatenate the symbol file at the beginning of the user code?


On 15 April 2018 at 11:45, Malte Meyn <lilyp...@maltemeyn.de> wrote:

>
>
> Am 15.04.2018 um 12:41 schrieb Robert Hickman:
>
>> Second thought: (see my previous, sorry about double posting).
>>
>> What are the risks of integrating lillypond into a CMS from a security
>> perspective, does it allow you to run shell commands for instance? I will
>> not be exposing this publicly, just to the admin interface only I use. I
>> like to know what exploits anything I use could expose howeaver.
>>
>
> Have a look at the options --jail and -dsafe at
> http://lilypond.org/doc/v2.19/Documentation/usage-big-page.html
>
> _______________________________________________
> lilypond-user mailing list
> lilypond-user@gnu.org
> https://lists.gnu.org/mailman/listinfo/lilypond-user
>
_______________________________________________
lilypond-user mailing list
lilypond-user@gnu.org
https://lists.gnu.org/mailman/listinfo/lilypond-user

Reply via email to