[Haskell-cafe] ghci in gallery
Duncan Rowland
drowland at lincoln.ac.uk
Thu Feb 13 08:29:31 UTC 2014
Dear All,
new to haskell, so this might be obvious, but...
I'm setting up a gallery installation (OSX) that exposes a command
line haskell to the visitors.
The process is run with user 'nobody', so hopefully that will be a
bit safer, i.e.
cat visitor_commands_pipe | sudo -u nobody ghci -XOverloadedStrings
But how question are:
1) what sort of damage could a malicious user do to my system by
entering commands into the pipe?
2) what should I do to protect my system? I can filter the user
commands as I like, but I do not want to run 'in a webpage'.
Thanks in advance,
-Duncan.
More information about the Haskell-Cafe
mailing list