Topic on Extension talk:SyntaxHighlight

Linux - Mandatory access to /bin/bash to execute pygmentize seems to be inherently unsafe

One comment • 19:36, 26 September 2020 3 years ago
1
2A02:8108:4640:DFE:E879:46E7:2F15:B68 (talkcontribs)

It seems that the pygmentize library uses the mediawiki Shell command to execute bash on Linux.

This in return needs /bin/bash to be accessible.

I understand that you will need to give the web user access to /bin/bash so the pygmentize library will work. Is that true?

I am very hesitant to give a web user access to bash for safety reasons

Reply 19:36, 26 September 2020 3 years ago
Reply to "Linux - Mandatory access to /bin/bash to execute pygmentize seems to be inherently unsafe"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Vupu98xaeckbmwgk"