#8058: If .ghci is a symlink, permissions aren't read correctly
-------------------------------+-------------------------------------------
Reporter: berdario | Owner:
Type: bug | Status: new
Priority: low | Milestone:
Component: GHCi | Version: 7.6.2
Resolution: | Keywords:
Operating System: | Architecture: Unknown/Multiple
Unknown/Multiple | Difficulty: Easy (less than 1 hour)
Type of failure: Other | Blocked By:
Test Case: | Related Tickets:
Blocking: |
-------------------------------+-------------------------------------------
Comment (by berdario):
{{{
dario@macbook ~> ls -l .ghci lrwxrwxrwx 1 dario dario 40 Jul 14 15:27
.ghci -> /home/dario/.dotfiles/dotfiles/ghci.conf
dario@macbook ~> ls -l (readlink -f .ghci) -rw-r--r-- 1 dario dario 10 Jul
14 15:25 /home/dario/.dotfiles/dotfiles/ghci.conf
dario@macbook ~> ghci GHCi, version 7.6.2: http://www.haskell.org/ghc/ :?
for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
*** WARNING: /home/dario/.dotfiles/dotfiles is writable by someone else,
IGNORING!
Prelude>
}}}
Obviously, /home/dario/.dotfiles/dotfiles isn't writable by someone
else...
Someone else could actually delete the symlink and maybe recreate it...
but it couldn't inject malicious commands in the .ghci, unless the file
pointed by the symlink was also writable by the attacker, in which case,
checking the permissions of the target of the symlink would still prevent
any wrongdoing
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8058#comment:1>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/ghc-tickets
