Follows-up:
- Public announcement: T257066: Extension:Score / Lilypond is disabled on all wikis
- Security issue: T257062: Lilypond seemingly not subject to restrictions (CVE-2020-29007)
- Security audit: {T257090}
This task:
- Await completion of security audit at T257090.
- Address any incident follow-ups (see sub tasks).
- Address any issues from the security audit.
- Determine whether the Firejail config that MW generates for Score is sufficient. Make any tweaks as needed. For example, do the limits for walltime, memory, and filesize work as expected and do they need tuning.
- Re-enable Score extension in safe mode if we are comfortable with that.
Source code of Score's Shell+Firejail command: