
On Wed, 8 Dec 2010, Brandon S Allbery KF8NH wrote:
> Then build your CGIs restricted. Restricting the runtime by default, *especially* when setting runtime options at compile time is so much of a pain, is just going to cause problems. I'm already thinking that I may have to skip ghc7.
One should not have to know that CGI scripts can take untrusted command line arguments (which is a very obscure detail of the CGI protocol used by less than 0.0013% of web pages [1]), _and_ that RTS options exist and GHC-compiled Haskell programs can accept them on the command line (which was a moderately obscure detail of GHC), _and_ that RTS options can be used to confuse privileged programs into overwriting arbitrary files (which is a moderately obscure detail of the RTS), in order to write a “Hello, world!” web application in Haskell without a devastating security vulnerability.

If you do know about RTS options from GHC 6, GHC 7 will tell you exactly how to make them work when you try to use them. I don’t think that’s too much to ask.

    $ ghc hello.hs; ./hello +RTS -?
    Linking hello ...
    hello: Most RTS options are disabled. Link with -rtsopts to enable them.
    $ rm hello; ghc -rtsopts hello.hs; ./hello +RTS -?
    Linking hello ...
    hello:
    hello: Usage: <prog> <args> [+RTS <rtsopts> | -RTS <args>] ... --RTS <args>
    hello: …

Also, now that we can set runtime options at compile time (-with-rtsopts), using RTS options has never been easier.

Anders

[1] https://bugs.webkit.org/show_bug.cgi?id=7139
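
The CGI detail mentioned in the message above, as an added example that is not part of the original e-mail: under RFC 3875 section 4.4 a GET or HEAD query string with no unencoded "=" is split on "+" and passed to the script as command-line words, so a request filter or log check can flag queries that would open a `+RTS` section. The function names and the sample queries are constructed for illustration, and dropping empty words is an assumption about server behaviour.

```python
from urllib.parse import unquote


def cgi_argv(query_string):
    """Words a server would append to the CGI command line (RFC 3875, 4.4).

    Only an "indexed" query, one with no unencoded "=", becomes argv.
    """
    if not query_string or "=" in query_string:
        return []
    # Split on the literal "+" separator first, then URL-decode each word.
    # Dropping empty words is an assumption; servers differ here.
    return [unquote(word) for word in query_string.split("+") if word]


def reaches_rts(argv):
    """True if a GHC program linked with -rtsopts would read RTS flags."""
    for arg in argv:
        if arg == "--RTS":  # everything after this is plain program args
            return False
        if arg == "+RTS":   # opens an RTS option section
            return True
    return False


def flag_request(method, query_string):
    """Flag a request whose query string would hand +RTS to a CGI binary."""
    if method not in ("GET", "HEAD"):
        return False
    return reaches_rts(cgi_argv(query_string))


# Constructed sample requests: (method, raw query string).
SAMPLE_REQUESTS = [
    ("GET", "haskell+tutorial"),   # ordinary indexed search
    ("GET", "q=%2BRTS"),           # has "=", so never reaches argv
    ("GET", "%2BRTS+-%3F"),        # decodes to: +RTS -?
    ("GET", "--RTS+%2BRTS"),       # --RTS comes first, so +RTS is inert
    ("POST", "%2BRTS+-%3F"),       # not an indexed GET/HEAD query
]

if __name__ == "__main__":
    for method, query in SAMPLE_REQUESTS:
        verdict = "FLAG" if flag_request(method, query) else "ok"
        print(f"{verdict:4} {method:4} ?{query} -> {cgi_argv(query)}")
```

A binary linked without `-rtsopts` under GHC 7 rejects most of these options anyway, so a check like this matters mainly for programs built with GHC 6 or explicitly linked with `-rtsopts`.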