Topic on Extension talk:SyntaxHighlight

Jump to navigation Jump to search

Linux - Mandatory access to /bin/bash to execute pygmentize seems to be inherently unsafe

1
2A02:8108:4640:DFE:E879:46E7:2F15:B68 (talkcontribs)

It seems that the pygmentize library uses the mediawiki Shell command to execute bash on Linux.

This in return needs /bin/bash to be accessible.

I understand that you will need to give the web user access to /bin/bash so the pygmentize library will work. Is that true?

I am very hesitant to give a web user access to bash for safety reasons

Reply to "Linux - Mandatory access to /bin/bash to execute pygmentize seems to be inherently unsafe"