| On Mon, Apr 30, 2001 at 12:19:32 +0100, Simon Marlow wrote:
| > > So, I think a safe solution is to ensure that the .ghci
| file belongs
| > > to the user. Checking for decent permissions would increase
| > > security, but well, IMO it's the users' fault, if he
| creates a 777
| > > .ghci :-P
| >
| > I've thought about this a bit more. It's not enough to
| just check the
| > owner and permissions of .ghci if the current *directory* is world
| > writable.
|
| If user X writes/modifies ./.ghci, then it gets the ownership
| of X, doesn't it?
Wouldn't a safer, if more restrictive, but probably acceptable
solution, be to only read ~user/.ghci and not .ghci in arbitrary
other directories, such as . ? Many other programs only read
rc files from ~/, and that doesn't seem an excessive restriction.
J
_______________________________________________
Glasgow-haskell-bugs mailing list
[EMAIL PROTECTED]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
