[GHC] #10826: [Security] Safe Haskell can be bypassed via annotations
GHC
ghc-devs at haskell.org
Wed Sep 2 08:15:22 UTC 2015
#10826: [Security] Safe Haskell can be bypassed via annotations
-------------------------------------+-------------------------------------
Reporter: spinda | Owner:
Type: bug | Status: new
Priority: normal | Milestone:
Component: Compiler | Version: 7.10.2
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture: Unknown/Multiple
Type of failure: GHC accepts invalid program | Test Case:
Blocked By: | Blocking:
Related Tickets: | Differential Revisions:
-------------------------------------+-------------------------------------
Comment (by spinda):
I should note that checking imports after renaming/typechecking, instead
of before, also opens up nasty possibilities with QuasiQuoters, since Safe
Haskell leaves them enabled (despite disabling the rest of Template
Haskell). I have a more involved proof of concept that uses these two in
conjunction to both execute arbitrary IO operations and delve into the GHC
internals through a QuasiQuoter to mark arbitrary modules as safe.
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/10826#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler