#15567: security of package environment files -------------------------------------+------------------------------------- Reporter: joeyhess | Owner: (none) Type: bug | Status: new Priority: high | Milestone: 8.6.1 Component: Compiler | Version: 8.2.2 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: None/Unknown | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by hvr): Sven, we don't have to throw the baby out with the bathwater -- for ghc env files to achieve the goal they were invented for they have to be honoured by default, otherwise they become too tedious to use that we can just as well give up on them -- it's like asking to have to opt into `.ghci` files; we can just simply fix the code to follow a similar logic like we did for `.ghci` files: only read them if the permission/ownership are sensible. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15567#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler