[GHC] #8058: If .ghci is a symlink, permissions aren't read correctly
GHC
ghc-devs at haskell.org
Tue Sep 24 12:28:53 CEST 2013
#8058: If .ghci is a symlink, permissions aren't read correctly
-------------------------------+-------------------------------------------
        Reporter:  berdario    |            Owner:
            Type:  bug         |           Status:  closed
        Priority:  low         |        Milestone:
       Component:  GHCi        |          Version:  7.6.2
      Resolution:  invalid     |         Keywords:
Operating System:              |     Architecture:  Unknown/Multiple
  Unknown/Multiple             |       Difficulty:  Easy (less than 1 hour)
 Type of failure:  Other       |       Blocked By:
       Test Case:              |  Related Tickets:
        Blocking:              |
-------------------------------+-------------------------------------------
Comment (by berdario):
Btw, ghci only checks the permissions of the parent directory, but if we
want to check directory permissions, it should be done recursively up to
the root, shouldn't it?
Otherwise, someone who managed to get permissions for ~/.dotfiles/ but not
~/.dotfiles/dotfiles/ (or ~/ but not ~/.dotfiles/ ) might be able to move
away the whole dotfiles directory.
{{{
dario at macbook ~> ghci
GHCi, version 7.6.2: http://www.haskell.org/ghc/ :? for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
Prelude>
Leaving GHCi.
dario at macbook ~> ls -l (readlink .ghci)
-rw-r--r-- 1 dario dario 10 Jul 14 15:25 /home/dario/.dotfiles/dotfiles/ghci.conf
dario at macbook ~> ls -ld (dirname (readlink .ghci))
drwxr-xr-x 7 dario dario 4096 Sep 24 12:22 /home/dario/.dotfiles/dotfiles/
dario at macbook ~> ls -ld (dirname (dirname (readlink .ghci)))
drwxrwxr-x 5 dario dario 4096 May 13 20:19 /home/dario/.dotfiles/
}}}
Or is this uninteresting, due to the fact that changing a whole directory
is likely going to make errors happen the next time the user needs those
files? (otoh: if they're readable, the attacker could just move away the
directory and copy the old files, so as to minimize the impact of the
intrusion.)
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8058#comment:8>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
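The check the comment above asks about, walking every component from the symlink's target up to the root, sketched in Python as an added example (not GHC's code and not part of the ticket). `risky_components`, `stop_at` and `demo_ticket_layout` are hypothetical names, and the sample tree is constructed to match the modes in the `ls` output above.

```python
import os
import stat
import tempfile

def risky_components(path, stop_at=os.sep, trusted_uids=None):
    """Walk from the symlink-resolved target of `path` up to `stop_at` and
    return (component, reason) for each one another user could replace."""
    trusted = trusted_uids or {0, os.geteuid()}   # assumption: root and self
    current = os.path.realpath(path)              # follow .ghci -> ghci.conf
    stop = os.path.realpath(stop_at)
    findings = []
    while True:
        st = os.stat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        # In a sticky directory (e.g. /tmp) only an entry's owner may rename it.
        sticky = is_dir and bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted:
            findings.append((current, "owner uid %d not trusted" % st.st_uid))
        elif st.st_mode & stat.S_IWOTH and not sticky:
            findings.append((current, "world-writable"))
        elif st.st_mode & stat.S_IWGRP and not sticky:
            findings.append((current, "group-writable"))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            return findings
        current = parent

def demo_ticket_layout():
    """Constructed tree with the modes shown in the ticket's ls output."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)              # stands in for the home dir
        outer = os.path.join(base, ".dotfiles")
        inner = os.path.join(outer, "dotfiles")
        os.makedirs(inner)
        conf = os.path.join(inner, "ghci.conf")
        with open(conf, "w") as fh:
            fh.write("-- constructed sample\n")
        os.chmod(conf, 0o644)                     # -rw-r--r--
        os.chmod(inner, 0o755)                    # drwxr-xr-x (direct parent)
        os.chmod(outer, 0o775)                    # drwxrwxr-x (grandparent)
        link = os.path.join(base, ".ghci")
        os.symlink(conf, link)
        # stop_at keeps the demo from judging directories above the sample tree
        return outer, risky_components(link, stop_at=base)

if __name__ == "__main__":
    print(demo_ticket_layout())
```

A check limited to the direct parent sees only the `drwxr-xr-x` directory and passes; the walk reports the group-writable `.dotfiles` directory one level higher.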