#10826: [Security] Safe Haskell can be bypassed via annotations -------------------------------------+------------------------------------- Reporter: spinda | Owner: Type: bug | Status: new Priority: normal | Milestone: Component: Compiler | Version: 7.10.2 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC accepts | Unknown/Multiple invalid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by spinda): I should note that checking imports after renaming/typechecking, instead of before, also opens up nasty possibilities with QuasiQuoters, since Safe Haskell leaves them enabled (despite disabling the rest of Template Haskell). I have a more involved proof of concept that uses these two in conjunction to both execute arbitrary IO operations and delve into the GHC internals through a QuasiQuoter to mark arbitrary modules as safe. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10826#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler