* "BENNETT,ANDY (HP-Unitedkingdom,ex1)" <[EMAIL PROTECTED]> [2001-04-27T15:10+0100]:
> While I agree that there is a potential security hole, I think it is
> something that you could possibly tackle with the OS security mechanisms. I
> don't know much about Windows, or other Unix platforms, but if
| -Original Message-
| From: George Russell [mailto:[EMAIL PROTECTED]]
| Sent: Friday, April 27, 2001 6:02 PM
| To: Julian Seward (Intl Vendor)
| Subject: Jeepers! dependent types go haywire!
|
|
| Compiling with
|
| ghc -fglasgow-exts -fallow-overlapping-instances
| -fallow-undeci
While I agree that there is a potential security hole, I think it is
something that you could possibly tackle with the OS security mechanisms. I
don't know much about Windows, or other Unix platforms, but if they are the
same as HP-UX doing the following will let you have a group writable
director
I mean:
:def source IO.readFile
Matt Harden wrote:
>
> Matt Harden wrote:
>
> >...why not ... add a builtin command that sources another file.
>
> How embarrassing...
>
>:def source readFile
>
> :-)
>
> Now I definitely want the automatic sourcing of ./.ghci turned off; I
> can already
Matt Harden wrote:
>...why not ... add a builtin command that sources another file.
How embarrassing...
:def source readFile
:-)
Now I definitely want the automatic sourcing of ./.ghci turned off; I
can already create a safer alternative myself.
Thanks,
Matt Harden
__
I agree that this feature is dangerous. I would prefer it be turned off
by default and an option given to enable it. Better yet, why not turn
it off altogether and add a builtin command that sources another file.
That way, users could add:
> :source ./.ghci
to their $HOME/.ghci file to get
> [Incidentally, if I did control Hugs, I wouldn't make the suggested
> change to "dlet"/"with" at this point. Marcin says I have no "deep
> reasons" ... Hmm, I don't know about "deep", but I do have reasons
> for this, both technical and pragmatic. But I'm not going to go into
> detail because