Duncan Coutts <[EMAIL PROTECTED]> wrote: > Jason Dusek wrote: > > I appreciate what you guys are trying to do, but I at the > > very least, it should be permitted to use a GHCi that is > > group readable/writable as long as the group name and user > > name are the same. > > Hmm. That's a convention but it doesn't have any particular > semantics in unix security.
It is a common convention, of great practical value. Unfortunately, UNIX security is very much a matter of conventions. > If it really is only you in that group then why does it need > to be group writable? Isn't that the simple workaround? It is not abnormal to have a umask of 00x when using user private groups, the idea being, when you are actually in a public folder with public ownership, the permissions will be set correctly for collaborators. With this umask, all temporary '.ghci' files are created with permissions that are incompatible with GHCi. > I'm not sure they can do away with it completely. The problem > of course is that some other user could drop a .ghci file and > run arbitrary IO actions as you. I appreciate that, in the general case, a malicious person could place '.ghci' files in random places all over the filesystem, hoping someone will be so unlucky as to start a GHCi session there. User private groups do provide a way to avert this danger -- check that the only member of the owning group is the active user -- so there is no need to worry in that specific case. (Or is there? I will think about it for a spell, but I am pretty sure.) -- _jsn _______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users