seccomp based sandbox.
Add a ptrace/seccomp based sandbox
This uses seccomp-bpf, so it is only supported on Linux. It likely only works on 64 bit platforms at the moment. It is activated with the option -dsafer.
The sandbox prohibits most system calls that can modify state. File manipulations are subject to the following policy:
All file reads are allowed (this is hard to do otherwise; the numerous dependencies of LilyPond open all types of files)
All writes in /tmp are allowed
Writes to a limited number of file extensions are also allowed
While this is not foolproof, this is much safer than the old "-dsafe" mode. The "-dsafe" mode does a passable job of protecting inline Scheme from shenanigans directly. Unfortunately, there are many places where "unsafe" modules are still used. For example, all scopes are unsafe by default, so
xyz = \system
will store the 'system' Scheme function in a lilypond variable. Creating an exploit is left to the reader as an exercise.
    $ cat naughty.ly
    #(system "id")
    $ lilypond -dsafer naughty.ly
    GNU LilyPond 2.21.5
    Processing `naughty.ly'
    Parsing...killing child due to prohibited syscall 13
    $ cat naughty2.ly
    #(open-file "naughty.zip" "w")
    $ lilypond -dsafer naughty2.ly
    GNU LilyPond 2.21.5
    Processing `naughty2.ly'
    Parsing...prohibited file access: syscall openat, file naughty.zip
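The following Python sketch is an added illustration of the file policy described above (reads allowed, writes under /tmp allowed, writes to a whitelist of extensions allowed); it is not LilyPond's own code. It shows the decision a ptrace tracer would make for each openat() that seccomp hands over, and it handles two things a naive check misses: ".." traversal out of /tmp, and opens that modify state despite O_RDONLY (O_CREAT, O_TRUNC). The extension whitelist, the flag mapping for Guile's open-file "w", and the helper names are assumptions; the page does not list the real ones.

```python
"""Added example of a -dsafer-style file policy (not LilyPond's own code)."""
from __future__ import annotations

import os
import posixpath

# Assumed whitelist of writable extensions; the real -dsafer list is not on the page.
WRITABLE_EXTENSIONS = frozenset({".pdf", ".ps", ".png", ".svg", ".midi", ".log"})
TMP_DIR = "/tmp"

# Assumed flags that Guile's (open-file name "w") ends up passing to openat(2).
GUILE_WRITE_FLAGS = os.O_WRONLY | os.O_CREAT | os.O_TRUNC


def is_write(flags: int) -> bool:
    """True if the open can change file-system state.

    A writable access mode is the obvious case, but O_CREAT and O_TRUNC also
    modify state even with O_RDONLY (Linux honours O_RDONLY|O_TRUNC), so they
    count as writes too.
    """
    mode = flags & os.O_ACCMODE
    return mode in (os.O_WRONLY, os.O_RDWR) or bool(flags & (os.O_CREAT | os.O_TRUNC))


def canonical(path: str, cwd: str) -> str:
    """Make the path absolute and collapse '.', '..' and repeated slashes.

    Without this, '/tmp/../etc/passwd' would pass the /tmp check.  Symlinks
    are not resolved here; a real tracer must also resolve them, and accept
    that a TOCTOU window exists between this decision and the kernel's open.
    """
    if not posixpath.isabs(path):
        path = posixpath.join(cwd, path)
    return posixpath.normpath(path)


def check_open(path: str, flags: int, cwd: str = "/") -> tuple[bool, str]:
    """Decide one openat(AT_FDCWD, path, flags) attempted by the tracee.

    Returns (allowed, reason); the denial text mirrors the transcript above.
    """
    if not is_write(flags):
        return True, "read-only open"
    full = canonical(path, cwd)
    if full.startswith(TMP_DIR + "/"):
        return True, "write under /tmp"
    ext = posixpath.splitext(full)[1]
    if ext in WRITABLE_EXTENSIONS:
        return True, "write to whitelisted extension " + ext
    return False, "prohibited file access: syscall openat, file " + path


def demo(cwd: str = "/home/user") -> dict[str, bool]:
    """Run the page's naughty2.ly case plus a few edge cases; name -> allowed."""
    cases = {
        # naughty2.ly: #(open-file "naughty.zip" "w")
        "naughty.zip write": ("naughty.zip", GUILE_WRITE_FLAGS),
        # the normal output of a score
        "naughty.pdf write": ("naughty.pdf", GUILE_WRITE_FLAGS),
        "read /etc/passwd": ("/etc/passwd", os.O_RDONLY),
        "scratch in /tmp": ("/tmp/lily-scratch.dat", GUILE_WRITE_FLAGS),
        "tmp traversal": ("/tmp/../etc/cron.d/evil", GUILE_WRITE_FLAGS),
        "truncate with O_RDONLY": ("important.zip", os.O_RDONLY | os.O_TRUNC),
    }
    return {name: check_open(p, f, cwd)[0] for name, (p, f) in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24} {'allowed' if allowed else 'DENIED'}")
```

For reference, the "prohibited syscall 13" in the first transcript is rt_sigaction on x86-64: glibc's system() installs SIGINT/SIGQUIT handlers before it spawns anything, so the sandbox kills the process well before /bin/sh could run.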