No problem; if you do implement a chroot jail, the Sessink kit will make it relatively painless.
Of course, 'security' is relative - nothing will stop a commited hacker who's targeted your system, so I'm a bit mystified by some of the other responses here. The original question was how to prevent people from executing arbitrary commands that may remove important system files. The answer is install the jail and limit what's in your bin directories. That'll stop the 'kiddie' hackers, which is probably what you want to do. Cheers, Mike On Wed, May 20, 2009 at 5:37 AM, Alex <[email protected]> wrote: > Mike Blackstock wrote: > >> > > Hi Mike, > thanks for your helpful input. I'm familiar with chroot jails but haven't > implemented one before. Not seen jailkit before - thanks for that. > > I've had a look through the devel and user archives at security mentions. I > found out about the safe option but need to dig further, and do some reading > etc. > > Given my experience at coding around lilypond (i.e. none), I'm not the > ideal person to be looking at effecting safe mode, at least, not solo. If > anyone with more experience is willing to guide a little, I'm willing to > have a look at it (I mean, in the context of actually trying to make changes > acceptable to code base proper). > > Anyway, will have a look in the archives again... > > thanks! > lex > > > > > > > > >
_______________________________________________ lilypond-user mailing list [email protected] http://lists.gnu.org/mailman/listinfo/lilypond-user
