#3910: +RTS options introduce a security problem for, e.g., setuid binaries
------------------------------------------+---------------------------------
Reporter: andersk | Owner: simonmar
Type: bug | Status: closed
Priority: normal | Milestone: 7.0.2
Component: Runtime System | Version: 7.1
Resolution: fixed | Keywords:
Testcase: | Blockedby:
Difficulty: | Os: Unknown/Multiple
Blocking: | Architecture: Unknown/Multiple
Failure: Incorrect result at runtime |
------------------------------------------+---------------------------------
Comment(by andersk):
Replying to [comment:9 guest]:
> just to turn on basic things like -N which should be reasonably safe.
How do you know that passing -N to a setuid binary couldn’t be used to
perform a denial of service attack by spawning many threads as root?
But in general, it should never be up to the compiler to say how the
''program compiled with it'' interprets its command-line arguments and
environment variables. If the programmer wants to allow the user to
change the program’s behavior in those ways, then the programmer needs to
say so.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/3910#comment:10>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
