I agree that this feature is dangerous. I would prefer it be turned off
by default and an option given to enable it. Better yet, why not turn
it off altogether and add a builtin command that sources another file.
That way, users could add:
> :source ./.ghci
to their $HOME/.ghci file to get the current behavior, and users could
also take steps to protect themselves before sourceing the other file. I
would also suggest checking that $HOME/.ghci is owned by the current
user and not group- or world- writeable before sourcing it.
Michael Weber wrote:
>
> Please, preserve the Cc: when replying.
>
>
> ghci will load .ghci from current directory and it can contain :! shell
> commands, so if I run ghci in a directory writable by others bad things can
> happen eg. to my files.
> On the other hand it's useful.
> Maybe it could be less dangerous if the immediately damaging stuff (:!) was
> disabled and some warning printed if the file was writable (or owned) by someone
>else?
Thanks,
Matt Harden
_______________________________________________
Glasgow-haskell-bugs mailing list
[EMAIL PROTECTED]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
