#3910: +RTS options introduce a security problem for, e.g., setuid binaries
------------------------------------------+---------------------------------
Reporter: andersk | Owner: simonmar
Type: bug | Status: closed
Priority: normal | Milestone: 7.0.2
Component: Runtime System | Version: 7.1
Resolution: fixed | Keywords:
Testcase: | Blockedby:
Difficulty: | Os: Unknown/Multiple
Blocking: | Architecture: Unknown/Multiple
Failure: Incorrect result at runtime |
------------------------------------------+---------------------------------
Comment(by duncan):
Replying to [comment:10 andersk]:
> Replying to [comment:9 guest]:
> > just to turn on basic things like -N which should be reasonably safe.
>
> How do you know that passing -N to a setuid binary couldn’t be used to
> perform a denial of service attack by spawning many threads as root?

We've limited it to the number of CPUs in the box. That could still be a
denial of service but now at least somewhat limited.

Note also that for setuid binaries we now disallow all +RTS options in the
default `-rtsopts=some` mode.

Hopefully this gives us a reasonable balance between convenience and
security. Opinions on refinements welcome.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/3910#comment:14>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
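
The policy described in the comment above, as an added C sketch (not GHC's RTS source and not code from the ticket): every `+RTS` flag is rejected when the process runs setuid/setgid in the `some` mode, and `-N` is capped at the CPU count. The function names, the enum, and the choice of `-N` as the only flag accepted in `some` mode are assumptions made for the illustration.

```c
/* Added sketch, not GHC code. Names and the "-N only" safe set are assumptions. */
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum rts_mode { RTSOPTS_NONE, RTSOPTS_SOME, RTSOPTS_ALL };

/* setuid/setgid execution: real and effective IDs differ. */
int is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid) {
    return ruid != euid || rgid != egid;
}

/* Decide on one flag; for -N<x> store the capped thread count in *n_out. */
int accept_rts_flag(const char *flag, enum rts_mode mode, int privileged,
                    long ncpus, long *n_out) {
    if (mode == RTSOPTS_NONE) return 0;
    if (mode == RTSOPTS_SOME && privileged) return 0;  /* setuid: allow nothing */
    if (strncmp(flag, "-N", 2) == 0) {
        char *end = NULL;
        long n = flag[2] ? strtol(flag + 2, &end, 10) : ncpus; /* bare -N: all CPUs */
        if (flag[2] && (*end != '\0' || n < 1)) return 0;      /* malformed count */
        *n_out = n > ncpus ? ncpus : n;                        /* cap at CPU count */
        return 1;
    }
    return mode == RTSOPTS_ALL;  /* every other flag needs the full mode */
}

/* Return -1 if any flag between +RTS and -RTS is rejected, else the number accepted. */
int scan_rts_args(int argc, char **argv, enum rts_mode mode, int privileged,
                  long ncpus, long *n_out) {
    int in_rts = 0, accepted = 0;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "+RTS") == 0) { in_rts = 1; continue; }
        if (strcmp(argv[i], "-RTS") == 0) { in_rts = 0; continue; }
        if (!in_rts) continue;                 /* ordinary program argument */
        if (!accept_rts_flag(argv[i], mode, privileged, ncpus, n_out)) return -1;
        accepted++;
    }
    return accepted;
}

int main(int argc, char **argv) {
    long n = 1;
    int priv = is_privileged(getuid(), geteuid(), getgid(), getegid());
    long cpus = sysconf(_SC_NPROCESSORS_ONLN);
    if (cpus < 1) cpus = 1;                    /* sysconf failed: assume one CPU */
    return scan_rts_args(argc, argv, RTSOPTS_SOME, priv, cpus, &n) < 0 ? 1 : 0;
}
```

The privilege check takes the IDs as parameters so the decision can be exercised without installing a setuid binary.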