#8058: If .ghci is a symlink, permissions aren't read correctly
-------------------------------+-------------------------------------------
        Reporter:  berdario    |            Owner:
            Type:  bug         |           Status:  closed
        Priority:  low         |        Milestone:
       Component:  GHCi        |          Version:  7.6.2
      Resolution:  invalid     |         Keywords:
Operating System:              |     Architecture:  Unknown/Multiple
  Unknown/Multiple             |       Difficulty:  Easy (less than 1 hour)
 Type of failure:  Other       |       Blocked By:
       Test Case:              |  Related Tickets:
        Blocking:              |
-------------------------------+-------------------------------------------

Comment (by berdario):

 btw, ghci only checks the permissions of the parent directory, but if we
 want to check directory permissions it should be done recursively up to
 the root, shouldn't it?

 otherwise, someone who managed to get permissions for ~/.dotfiles/ but not
 ~/.dotfiles/dotfiles/ (or ~/ but not ~/.dotfiles/ ) might be able to move
 away the whole dotfiles directory

 {{{
 dario@macbook ~> ghci
 GHCi, version 7.6.2: http://www.haskell.org/ghc/  :? for help
 Loading package ghc-prim ... linking ... done.
 Loading package integer-gmp ... linking ... done.
 Loading package base ... linking ... done.
 Prelude>
 Leaving GHCi.

 dario@macbook ~> ls -l (readlink .ghci)
 -rw-r--r-- 1 dario dario 10 Jul 14 15:25 /home/dario/.dotfiles/dotfiles/ghci.conf

 dario@macbook ~> ls -ld (dirname (readlink .ghci))
 drwxr-xr-x 7 dario dario 4096 Sep 24 12:22 /home/dario/.dotfiles/dotfiles/

 dario@macbook ~> ls -ld (dirname (dirname (readlink .ghci)))
 drwxrwxr-x 5 dario dario 4096 May 13 20:19 /home/dario/.dotfiles/
 }}}


 Or is this uninteresting, due to the fact that changing a whole directory
 is likely going to make errors happen the next time the user needs those
 files? (otoh: if they're readable, the attacker could just move away the
 directory and copy the old files, so as to minimize the impact of the
 intrusion)

-- 
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8058#comment:8>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/ghc-tickets
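
The recursive check asked about in the comment above, as an added example in Python (not from the ticket and not GHC's own check): it resolves the symlink, then walks the target and every ancestor up to the root, reporting any component that is group/other-writable or owned by an untrusted uid. The names loose_components and ancestors are hypothetical, and accepting sticky directories is an assumption.

```python
import os
import stat
import sys

def ancestors(path):
    """Yield path, then each parent directory, ending at the filesystem root."""
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def loose_components(path, trusted_uids=None):
    """Return [(component, reason)] for each component someone else could swap.

    Hypothetical helper, not GHC's check. Walks the resolved symlink target
    and the directory holding the link itself, each up to the root.
    """
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}
    starts = [os.path.realpath(path),
              os.path.realpath(os.path.dirname(os.path.abspath(path)))]
    findings, seen = [], set()
    for start in starts:
        for comp in ancestors(start):
            if comp in seen:
                continue
            seen.add(comp)
            st = os.stat(comp)
            if st.st_uid not in trusted_uids:
                findings.append((comp, "owned by uid %d" % st.st_uid))
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # Assumption: a sticky directory (e.g. /tmp) is acceptable, since only
            # an entry's owner or the directory's owner may rename or delete it.
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if loose and not sticky:
                findings.append((comp, "%s allows group/other write"
                                 % stat.filemode(st.st_mode)))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.ghci")
    if os.path.exists(target):
        for comp, reason in loose_components(target):
            print("%s: %s" % (comp, reason))
```

Run against a layout like the one in the transcript, this reports the group-writable ~/.dotfiles/ even though the file and its immediate parent directory have tight modes.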