#3910: +RTS options introduce a security problem for, e.g., setuid binaries
---------------------------------+------------------------------------------
Reporter: andersk | Owner:
Type: bug | Status: new
Priority: normal | Milestone:
Component: Runtime System | Version: 6.12.1
Keywords: | Difficulty:
Os: Unknown/Multiple | Testcase:
Architecture: Unknown/Multiple | Failure: Incorrect result at runtime
---------------------------------+------------------------------------------
Comment(by simonmar):
Incedentally, Python doesn't support setuid scripts, but it provides a
wrapper program for doing this which removes any dodgy environment
variables before invoking the interpreter:
[http://svn.python.org/projects/python/trunk/Misc/setuid-prog.c]. The
same idea would be necessary for GHC.
I guess the problem for GHC is that you can easily get it wrong by
accident, whereas setuid won't work for Python scripts by default.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/3910#comment:1>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
