[GHC] #10826: [Security] Safe Haskell can be bypassed via annotations
GHC
ghc-devs at haskell.org
Sun Sep 6 20:41:11 UTC 2015
#10826: [Security] Safe Haskell can be bypassed via annotations
-------------------------------------+-------------------------------------
Reporter: spinda | Owner:
Type: bug | Status: new
Priority: highest | Milestone: 7.10.3
Component: Compiler | Version: 7.10.2
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture:
Type of failure: GHC accepts | Unknown/Multiple
invalid program | Test Case:
Blocked By: | Blocking:
Related Tickets: | Differential Revisions:
-------------------------------------+-------------------------------------
Comment (by goldfire):
Sounds to me like we should just disable annotations entirely in Safe
Haskell. I'm sure someone can be clever enough to sort out the monads, but
no one is requesting this feature, to my knowledge. And it would be
peculiar (but certainly conceivable) to use Safe Haskell and then inspect
.hi files manually (or through `--show-iface`).
So, unless there are objections: disable annotations in Safe Haskell.
Do please add a note in the release notes about this. Given that it's a
safety issue, I think it's reasonable to mark this "merge" so that the fix
goes into 7.10.3. But others may differ here, as the change could kill
existing non-malicious code.
Also, in the error message that happens when a user tries an annotation in
Safe Haskell, I think it would be best to include a link to this ticket,
so that users who ''do'' want the feature have a nice place to make
themselves known.
Many thanks!
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/10826#comment:9>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list