#6017: Reading ./.ghci files raises security issues
---------------------------------+------------------------------------------
Reporter: nomeata | Owner: pminten
Type: task | Status: patch
Priority: high | Milestone: 7.8.1
Component: GHCi | Version: 7.4.1
Keywords: | Os: Unknown/Multiple
Architecture: Unknown/Multiple | Failure: Other
Difficulty: Unknown | Testcase:
Blockedby: | Blocking:
Related: |
---------------------------------+------------------------------------------
Changes (by pminten):
* status: new => patch
Comment:
Here's a patch that adds a whitelist/blacklist mechanism. When ghci
encounters a .ghci file in the current directory and the current directory
is not the home dir (which is trusted) and the file does not match one of
the -ghci-script arguments ghci will look in ~/.ghc/ghci_blacklist and
then in ~/.ghc/ghci_whitelist. If it finds the .ghci file's path there it
will respectively not load and load the file. If the .ghci file is in
neither list the user will be asked.
If "ghc -e" is used no messages will be printed and no questions asked.
Unknown .ghci files are treated as blacklisted.
I don't have a testsuite update for this patch, wouldn't know how to test
this automatically.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/6017#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
Glasgow-haskell-bugs@haskell.org
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
