[GHC] #15567: security of package environment files
GHC
ghc-devs at haskell.org
Sun Aug 26 06:58:56 UTC 2018
#15567: security of package environment files
-------------------------------------+-------------------------------------
Reporter: joeyhess | Owner: (none)
Type: bug | Status: new
Priority: high | Milestone: 8.6.1
Component: Compiler | Version: 8.2.2
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture:
| Unknown/Multiple
Type of failure: None/Unknown | Test Case:
Blocked By: | Blocking:
Related Tickets: | Differential Rev(s):
Wiki Page: |
-------------------------------------+-------------------------------------
Comment (by hvr):
Sven, we don't have to throw the baby out with the bathwater -- for ghc
env files to achieve the goal they were invented for they have to be
honoured by default, otherwise they become too tedious to use that we can
just as well give up on them -- it's like asking to have to opt into
`.ghci` files; we can just simply fix the code to follow a similar logic
like we did for `.ghci` files: only read them if the permission/ownership
are sensible.
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/15567#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list