[GHC] #6017: Reading ./.ghci files raises security issues
GHC
ghc-devs at haskell.org
Thu Mar 27 13:49:55 UTC 2014
#6017: Reading ./.ghci files raises security issues
-------------------------------------+------------------------------------
Reporter: nomeata | Owner:
Type: task | Status: new
Priority: high | Milestone: 7.8.1
Component: GHCi | Version: 7.4.1
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture: Unknown/Multiple
Type of failure: Other | Difficulty: Unknown
Test Case: | Blocked By:
Blocking: | Related Tickets:
-------------------------------------+------------------------------------
Comment (by Simon Marlow <marlowsd@…>):
In [changeset:"a6f2c852d49313fa8acea2deb3741ab86c6ef995/ghc"]:
{{{
#!CommitTicketReference repository="ghc"
revision="a6f2c852d49313fa8acea2deb3741ab86c6ef995"
Don't perform permission checks for scripts named with -ghci-script
(#6017)
The user explicitly requested this script on the command-line, so it's
unnecessary to require that the script is also owned by the user.
Also, it is currently impossible to make a GHCi wrapper that invokes a
custom script without first making a copy of the script to circumvent
the permissions check, which seems wrong.
}}}
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/6017#comment:10>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list