[Haskell-cafe] .ghci files (Was: ANN: cabal-ghci 0.1)

Joachim Breitner mail at joachim-breitner.de
Sun Sep 11 14:11:35 CEST 2011


Hi,

Am Samstag, den 10.09.2011, 19:34 +0200 schrieb Erik Hesselink:
> On Sat, Sep 10, 2011 at 18:51, Joachim Breitner
> <mail at joachim-breitner.de> wrote:
> > Am Samstag, den 10.09.2011, 11:26 +0200 schrieb Erik Hesselink:
> >> Did you know you can also put a .ghci file in your project dir, and if
> >> you start ghci from that dir, it will also load that file? I think
> >> that allows you to replicate some of the functionality of this tool,
> >> since it allows per project ghci options.
> >
> > is this well known and documented enough? It seems to me that most
> > people would not expect that running "ghci" in a directory can cause
> > arbitrary commands to be executed. This could be a security issue, e.g.
> > running ghci in a just downloaded software package with a rouge .ghci
> > file... but I am not sure what can or should be done about it.
> 
> Running ghci runs template haskell, which can already run arbitrary
> code. Not that that fact makes this more secure, but if you don't
> trust the Haskell packages you're installing, there are larger
> security issues than .ghci files.

yes, but this requires actively loading a file. Executing arbitrary
commads when someone starts ghci in a rouge folder (consider an examiner
on a multi-user machine at a university) is of a different quality.
Especially as the file is hidden – TH code can easily be checked for
before.

Also it affects invocations "ghc -e", which conceivably could be used in
aliases for some action unrelated to running a ghci session, as in
http://www.joachim-breitner.de/blog/archives/156-Haskell-on-the-Command-Line.html

Maybe the file shouldn’t be hidden, this would give some protection.
Alternatively, ghci could keep a white-list of files somewhere ~/.ghci
and ask if it should execute a .ghci file that has not been encountered
before.

I just noticed that it will not read files in directories not owned by
you and warn you about it (e.g. in /tmp), which is a good start. But
this does not help against files in packaged repositories.

Greetings,
Joachim



-- 
Joachim "nomeata" Breitner
  mail at joachim-breitner.de  |  nomeata at debian.org  |  GPG: 0x4743206C
  xmpp: nomeata at joachim-breitner.de | http://www.joachim-breitner.de/

 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20110911/5fd2188d/attachment.pgp>


More information about the Haskell-Cafe mailing list