
Hi,

On Saturday, 10.09.2011, 19:34 +0200, Erik Hesselink wrote:
> On Sat, Sep 10, 2011 at 18:51, Joachim Breitner wrote:
>> On Saturday, 10.09.2011, 11:26 +0200, Erik Hesselink wrote:
>>> Did you know you can also put a .ghci file in your project dir, and if you start ghci from that dir, it will also load that file? I think that allows you to replicate some of the functionality of this tool, since it allows per project ghci options.
>>
>> Is this well known and documented enough? It seems to me that most people would not expect that running "ghci" in a directory can cause arbitrary commands to be executed. This could be a security issue, e.g. running ghci in a just downloaded software package with a rogue .ghci file... but I am not sure what can or should be done about it.
>
> Running ghci runs Template Haskell, which can already run arbitrary code. Not that that fact makes this more secure, but if you don't trust the Haskell packages you're installing, there are larger security issues than .ghci files.

Yes, but this requires actively loading a file. Executing arbitrary commands when someone starts ghci in a rogue folder (consider an examiner on a multi-user machine at a university) is of a different quality. Especially as the file is hidden – TH code can easily be checked for before.

Also it affects invocations "ghc -e", which conceivably could be used in aliases for some action unrelated to running a ghci session, as in http://www.joachim-breitner.de/blog/archives/156-Haskell-on-the-Command-Line...

Maybe the file shouldn’t be hidden, this would give some protection. Alternatively, ghci could keep a white-list of files somewhere ~/.ghci and ask if it should execute a .ghci file that has not been encountered before.

I just noticed that it will not read files in directories not owned by you and warn you about it (e.g. in /tmp), which is a good start. But this does not help against files in packaged repositories.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
  mail@joachim-breitner.de | nomeata@debian.org | GPG: 0x4743206C
  xmpp: nomeata@joachim-breitner.de | http://www.joachim-breitner.de/
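An added example, not part of this thread or of GHC, of the white-list idea sketched in the mail above: a POSIX shell wrapper that refuses to start ghci when the current directory holds a .ghci whose content hash has not been approved before, and that mirrors ghci's own rule of ignoring the file when the directory is owned by another user. The function names, the GHCI_ALLOWLIST variable and the ~/.ghci-allowed path are all invented for this example.

```shell
#!/bin/sh
# Hypothetical "safe ghci" wrapper (added example, not part of GHC): before
# starting ghci, look for a .ghci in the current directory and refuse to go on
# unless that exact file (SHA-256 of its content) was approved once before and
# recorded in an allow-list file. An edited .ghci therefore prompts again.

# Where approvals are kept. GHCI_ALLOWLIST and ~/.ghci-allowed are made-up names.
GHCI_ALLOWLIST="${GHCI_ALLOWLIST:-$HOME/.ghci-allowed}"

# SHA-256 of one file (assumes sha256sum from GNU coreutils).
dotghci_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# Classify the .ghci (if any) in directory $1 against allow-list file $2.
# Returns 0: no .ghci, or its content hash is already approved
#         2: .ghci present but not yet approved
#         3: .ghci present but the directory belongs to another user
#            (ghci itself already skips such files; mirrored here)
dotghci_status() {
    f="$1/.ghci"
    [ -f "$f" ] || return 0
    [ -O "$1" ] || return 3
    h=$(dotghci_hash "$f")
    [ -f "$2" ] && grep -qxF "$h" "$2" && return 0
    return 2
}

# Record the current content hash of $1/.ghci in allow-list $2.
dotghci_approve() {
    dotghci_hash "$1/.ghci" >> "$2"
}

# Entry point to use instead of plain "ghci": prompt on an unknown .ghci,
# then hand over to the real ghci with the original arguments.
safe_ghci() {
    rc=0
    dotghci_status "$PWD" "$GHCI_ALLOWLIST" || rc=$?
    case $rc in
        2) printf 'Unapproved .ghci in %s. Run it? [y/N] ' "$PWD"
           read -r ans
           case $ans in
               y|Y) dotghci_approve "$PWD" "$GHCI_ALLOWLIST" ;;
               *)   echo "Refusing to start ghci here." >&2; return 1 ;;
           esac ;;
        3) echo "Note: .ghci ignored, directory owned by another user." >&2 ;;
    esac
    exec ghci "$@"
}
```

Source the file and call safe_ghci in place of ghci; because the list stores content hashes only, any change to an approved .ghci is treated as a new, unapproved file.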