#15371: Eventlog framework outputs environment variables which may cause a security issue -------------------------------------+------------------------------------- Reporter: maoe | Owner: (none) Type: feature request | Status: new Priority: normal | Milestone: Component: Runtime System | Version: 8.4.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Other | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Description changed by maoe: Old description:

The eventlog framework currently writes all environment variables to the eventlog file. This may cause a security issue as some external tools expect user to set credentials in environment variables. It's possible for the user to publish an eventlog which contains credentials without knowing it.

In general it's not a good idea to set credentials in environment variables but I think GHC should stop writing environment variables to the eventlog implicitly and this feature should be opt-in.

I'm not sure if this feature is widely used or if we can just drop it. If it's used to some extend maybe we can provide a function that does this job in a library.

New description: The eventlog framework currently writes all environment variables to the eventlog file. This may cause a security issue as some external tools expect user to set credentials in environment variables. It's possible for the user to publish an eventlog which contains credentials without knowing it. In general it's not a good idea to set credentials in environment variables but I think GHC should stop writing environment variables to the eventlog implicitly and this feature should be opt-in. I'm not sure if this feature is widely used or if we can just drop it. If it's used to some extent maybe we can provide a function that does this job in a library. -- -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15371#comment:1 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#15371: Eventlog framework outputs environment variables which may cause a security issue -------------------------------------+------------------------------------- Reporter: maoe | Owner: (none) Type: feature request | Status: new Priority: normal | Milestone: Component: Runtime System | Version: 8.4.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Other | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by maoe): Fixed this in https://github.com/ghc/ghc/pull/169. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15371#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#15371: Eventlog framework outputs environment variables which may cause a security issue -------------------------------------+------------------------------------- Reporter: maoe | Owner: (none) Type: feature request | Status: new Priority: normal | Milestone: Component: Runtime System | Version: 8.4.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Other | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | https://phabricator.haskell.org/D5187 -------------------------------------+------------------------------------- Changes (by maoe): * differential: => https://phabricator.haskell.org/D5187 -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15371#comment:5 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#15371: Eventlog framework outputs environment variables which may cause a security issue -------------------------------------+------------------------------------- Reporter: maoe | Owner: (none) Type: feature request | Status: new Priority: normal | Milestone: Component: Runtime System | Version: 8.4.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Other | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Phab:D5187 Wiki Page: | -------------------------------------+------------------------------------- Comment (by Krzysztof Gogolewski ): In [changeset:"68a747c702d2432cc90d2a79a6aba0e67ac3e2c0/ghc" 68a747c/ghc]: {{{ #!CommitTicketReference repository="ghc" revision="68a747c702d2432cc90d2a79a6aba0e67ac3e2c0" rts: Stop tracing environment variables (fixes #15371) Summary: This tracing may cause a security issue as some external tools out there expects user to set credentials in environment variables. Reviewers: bgamari, erikd, simonmar, monoidal Reviewed By: monoidal Subscribers: tdammers, rwbarton, carter GHC Trac Issues: #15371 Differential Revision: https://phabricator.haskell.org/D5187 }}} -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15371#comment:7 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#15371: Eventlog framework outputs environment variables which may cause a security issue -------------------------------------+------------------------------------- Reporter: maoe | Owner: (none) Type: feature request | Status: closed Priority: normal | Milestone: 8.8.1 Component: Runtime System | Version: 8.4.3 Resolution: fixed | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Other | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Phab:D5187 Wiki Page: | -------------------------------------+------------------------------------- Changes (by bgamari): * status: merge => closed * resolution: => fixed * milestone: => 8.8.1 Comment: I'm going to punt this to 8.8 since doing otherwise would imply a functional change in a minor release. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15371#comment:9 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler