[Haskell-cafe] GHC 7.0.1 developer challenges
Brandon S Allbery KF8NH
allbery at ece.cmu.edu
Wed Dec 8 16:29:48 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 12/8/10 02:17 , Anders Kaseorg wrote:
> On Sat, 2010-12-04 at 13:42 -0500, Brandon S Allbery KF8NH wrote:
>> We went over this some time back; the GHC runtime is wrong here, it
>> should only disable flags when running with geteuid() == 0.
> No. +RTS flags on the command line, at least, need to stay disabled in
> all cases, not just setuid binaries. There are many situations where
> you can arrange for untrusted command line arguments to be passed to
> normal non-setuid binaries running with different privileges, including
> some that you might not expect, such as CGI scripts.
> We can possibly be more permissive with the GHCRTS environment variable,
> as long as we check that we aren’t setuid or setgid or running with
> elevated capabilities, because it’s harder to cross a privilege boundary
> with arbitrary environment variables. But, as already demonstrated by
> the replies, this check is hard to get right.
Then build your CGIs restricted. Restricting the runtime by default,
*especially* when setting runtime options at compile time is so much of a
pain, is just going to cause problems. I'm already thinking that I may have
to skip ghc7.
brandon s. allbery [linux,solaris,freebsd,perl] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Haskell-Cafe