[Haskell-cafe] Re: ghc HEAD

Brandon S Allbery KF8NH allbery at ece.cmu.edu
Tue Sep 7 12:37:32 EDT 2010


On 9/7/10 10:51 , Edward Z. Yang wrote:
> Excerpts from Johannes Waldmann's message of Tue Sep 07 10:38:47 -0400 2010:
>> It seems it would be needed for all things multi-core,
>> since you'd want to modify +RTS -Nx 
> 
> This is a good point: if RTS options are disabled, there should probably
> be a mechanism for specifying what RTS options should be baked in.

I'd call this incomplete because programs compiled with RTS options enabled
are still insecure.

The correct fix is to ignore GHCRTS and die on +RTS *when setuid*.  Since
this isn't something that can be changed in a running process (well, not
without some fairly evil kernel memory poking) there are no race conditions
to watch out for; just ignore the RTS options when getuid() != geteuid() and
getuid() != 0 (and similar for setgid/setegid, although those are less
critical because gid is really only useful for filesystem permissions).

A better fix would be to identify "safe" settings and only allow those (and
only via +RTS) when setuid.  OTOH that's pretty much the system
configuration version of the Halting Problem :)

- -- 
brandon s. allbery     [linux,solaris,freebsd,perl]      allbery at kf8nh.com
system administrator  [openafs,heimdal,too many hats]  allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university      KF8NH
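
The check described in the message above, sketched in C as an added example (not code from the GHC runtime or from the poster). The function names are hypothetical, and applying the same comparison to the gid pair is one reading of "similar for setgid/setegid".

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* for unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The message's condition: real and effective IDs differ and the real user
 * is not root. The group IDs are compared the same way (assumption). */
static int ids_elevated(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    if (uid == 0)
        return 0;
    return uid != euid || gid != egid;
}

/* Returns 1 if argv carries "+RTS" before any "--RTS" marker; GHC hands
 * everything after "--RTS" to the program without RTS processing. */
static int argv_requests_rts(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--RTS") == 0)
            return 0;
        if (strcmp(argv[i], "+RTS") == 0)
            return 1;
    }
    return 0;
}

/* Hypothetical startup gate: 0 = proceed, -1 = refuse to start.
 * When elevated, GHCRTS is dropped from the environment and +RTS is fatal. */
static int rts_privilege_gate(int elevated, int argc, char *const argv[])
{
    if (!elevated)
        return 0;
    unsetenv("GHCRTS");
    if (argv_requests_rts(argc, argv)) {
        fprintf(stderr, "%s: +RTS refused when setuid/setgid\n", argv[0]);
        return -1;
    }
    return 0;
}

int main(int argc, char *argv[])
{
    int elevated = ids_elevated(getuid(), geteuid(), getgid(), getegid());
    return rts_privilege_gate(elevated, argc, argv) ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

The gate has to run before anything reads the environment or parses arguments, since the IDs are fixed for the life of the process and a single check at startup is sufficient.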

