[GHC] #8058: If .ghci is a symlink, permissions aren't read correctly
GHC
ghc-devs at haskell.org
Tue Sep 24 03:50:58 CEST 2013
#8058: If .ghci is a symlink, permissions aren't read correctly
-------------------------------+-------------------------------------------
Reporter: berdario | Owner:
Type: bug | Status: closed
Priority: low | Milestone:
Component: GHCi | Version: 7.6.2
Resolution: invalid | Keywords:
Operating System: | Architecture: Unknown/Multiple
Unknown/Multiple | Difficulty: Easy (less than 1 hour)
Type of failure: Other | Blocked By:
Test Case: | Related Tickets:
Blocking: |
-------------------------------+-------------------------------------------
Changes (by leroux):
* status: new => closed
* resolution: => invalid
Comment:
Reformatted output from berdario:
{{{
$ ls -l .ghci
lrwxrwxrwx 1 dario dario 40 Jul 14 15:27 .ghci ->
/home/dario/.dotfiles/dotfiles/ghci.conf
$ ls -l (readlink -f .ghci)
-rw-r--r-- 1 dario dario 10 Jul 14 15:25
/home/dario/.dotfiles/dotfiles/ghci.conf
$ ghci
GHCi, version 7.6.2: http://www.haskell.org/ghc/ :? for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
* WARNING: /home/dario/.dotfiles/dotfiles is writable by someone else,
IGNORING!
Prelude>
}}}
The attacker could symlink `.ghci` to another file which has malicious
code.
----
Output from my system:
{{{
$ ls -l .ghci
lrwxr-xr-x 1 leroux staff 44 Jul 30 10:02 .ghci ->
/Users/leroux/.dotfiles/haskell/ghci.symlink
$ ls -l `readlink .ghci`
-rwxr-x--- 1 leroux staff 338 Sep 22 18:59
/Users/leroux/.dotfiles/haskell/ghci.symlink
}}}
----
Fix:
{{{
$ chmod 755 .ghci
}}}
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8058#comment:2>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list