[GHC] #10826: [Security] Safe Haskell can be bypassed via annotations
GHC
ghc-devs at haskell.org
Wed Sep 2 02:20:13 UTC 2015
#10826: [Security] Safe Haskell can be bypassed via annotations
-------------------------------------+-------------------------------------
Reporter: spinda                     | Owner:
Type: bug                            | Status: new
Priority: normal                     | Milestone:
Component: Compiler                  | Version: 7.10.2
Keywords:                            | Operating System: Unknown/Multiple
Architecture: Unknown/Multiple       | Type of failure: GHC accepts invalid program
Test Case:                           | Blocked By:
Blocking:                            | Related Tickets:
Differential Revisions:              |
-------------------------------------+-------------------------------------
{{{
module Test (hook) where
import System.Process
import System.IO.Unsafe
{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
hook = undefined
}}}
{{{
➜ Test ghc -fpackage-trust -XSafe Test_simple.hs
[1 of 1] Compiling Test_simple ( Test_simple.hs, Test_simple.o )
[flags changed]
Woops.
Test_simple.hs:4:1:
System.IO.Unsafe: Can't be safely imported!
The module itself isn't safe.
}}}
GHC ultimately rejects the program due to the {{{System.IO.Unsafe}}}
import, but this check doesn't occur until GHC has compiled and run the
annotation expression, allowing arbitrary IO operations via
{{{unsafePerformIO}}}.
The solution is probably to move the import check from the end of
renaming/typechecking to the start.
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/10826>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
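
A pre-compilation gate for the situation the ticket describes, as an added example that is not part of the original ticket or of GHC: since the annotation expression runs before the import check, untrusted source is screened textually before GHC is invoked at all. The allow-list, the function name and the benign sample are assumptions; the scan is a fail-closed heuristic, not a Haskell parser.

```python
import re

# Assumption: modules the operator lets untrusted code import (not a GHC list).
ALLOWED_IMPORTS = {"Prelude", "Data.List", "Data.Maybe", "Data.Char"}

# Pragma keywords are case-insensitive; the gap after "{-#" may contain newlines.
ANN_PRAGMA = re.compile(r"\{-#\s*ANN\b", re.IGNORECASE)
ANY_IMPORT = re.compile(r"\bimport\b")
# Strict form only: import [safe] [qualified] ["pkg"] Module.Name at line start.
STRICT_IMPORT = re.compile(
    r'^[ \t]*import\s+(?:safe\s+)?(?:qualified\s+)?(?:"[^"\n]*"\s+)?'
    r"([A-Z][A-Za-z0-9_']*(?:\.[A-Z][A-Za-z0-9_']*)*)(?![\w.'])",
    re.MULTILINE,
)

# The module from the ticket above.
TICKET_MODULE = '''module Test (hook) where
import System.Process
import System.IO.Unsafe
{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
hook = undefined
'''
# Constructed benign sample.
BENIGN_MODULE = '''module Ok (f) where
import Data.List (sort)
f = sort
'''


def precompile_findings(source):
    """Return reasons to refuse handing `source` to GHC; empty list means pass."""
    findings = []
    if ANN_PRAGMA.search(source):
        findings.append("ANN pragma: expression would be evaluated at compile time")
    strict = {m.start() + m.group(0).index("import"): m.group(1)
              for m in STRICT_IMPORT.finditer(source)}
    for m in ANY_IMPORT.finditer(source):
        module = strict.get(m.start())
        if module is None:
            # Fail closed: an import keyword we cannot parse is treated as hostile.
            findings.append("unrecognised use of 'import' at offset %d" % m.start())
        elif module not in ALLOWED_IMPORTS:
            findings.append("import outside allow-list: %s" % module)
    return findings


if __name__ == "__main__":
    for name, src in (("ticket", TICKET_MODULE), ("benign", BENIGN_MODULE)):
        print(name, precompile_findings(src) or "pass")
```

Because every occurrence of the word `import` must match the strict form, the gate also rejects harmless files that merely mention it in a comment or identifier; that false-positive cost is the price of failing closed.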