[Haskell-cafe] .ghci files (Was: ANN: cabal-ghci 0.1)
Erik Hesselink
hesselink at gmail.com
Sat Sep 10 19:34:12 CEST 2011
On Sat, Sep 10, 2011 at 18:51, Joachim Breitner
<mail at joachim-breitner.de> wrote:
> Am Samstag, den 10.09.2011, 11:26 +0200 schrieb Erik Hesselink:
>> Did you know you can also put a .ghci file in your project dir, and if
>> you start ghci from that dir, it will also load that file? I think
>> that allows you to replicate some of the functionality of this tool,
>> since it allows per project ghci options.
>
> is this well known and documented enough? It seems to me that most
> people would not expect that running "ghci" in a directory can cause
> arbitrary commands to be executed. This could be a security issue, e.g.
> running ghci in a just downloaded software package with a rouge .ghci
> file... but I am not sure what can or should be done about it.
Running ghci runs template haskell, which can already run arbitrary
code. Not that that fact makes this more secure, but if you don't
trust the Haskell packages you're installing, there are larger
security issues than .ghci files.
Erik
More information about the Haskell-Cafe
mailing list