On 12/8/10 02:17, Anders Kaseorg wrote:
> On Sat, 2010-12-04 at 13:42 -0500, Brandon S Allbery KF8NH wrote:
>> We went over this some time back; the GHC runtime is wrong here, it
>> should only disable flags when running with geteuid() == 0.
>
> No. +RTS flags on the command line, at least, need to stay disabled in
> all cases, not just setuid binaries. There are many situations where
> you can arrange for untrusted command line arguments to be passed to
> normal non-setuid binaries running with different privileges, including
> some that you might not expect, such as CGI scripts.
>
> We can possibly be more permissive with the GHCRTS environment variable,
> as long as we check that we aren’t setuid or setgid or running with
> elevated capabilities, because it’s harder to cross a privilege boundary
> with arbitrary environment variables. But, as already demonstrated by
> the replies, this check is hard to get right.

Then build your CGIs restricted. Restricting the runtime by default,
*especially* when setting runtime options at compile time is so much of a
pain, is just going to cause problems. I'm already thinking that I may
have to skip ghc7.

-- 
brandon s. allbery     [linux,solaris,freebsd,perl]      allb...@kf8nh.com
system administrator  [openafs,heimdal,too many hats]  allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university      KF8NH

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
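
The setuid/setgid/capabilities check mentioned in the quoted text, sketched in C as an added example; it is not part of the original message and not GHC's runtime code. The names cred_view, crossed_privilege_boundary and rts_opts_from_env are hypothetical, and the policy (ignore GHCRTS whenever the process gained privilege at exec) is an assumption about how such a check could be applied.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>   /* getauxval(AT_SECURE) */
#endif

/* Snapshot of the credentials the decision is based on (hypothetical type). */
struct cred_view {
    uid_t ruid, euid;
    gid_t rgid, egid;
    bool at_secure;     /* kernel flag: privilege was gained at exec */
};

/* True if the process runs with more privilege than its invoker.
 * Testing only geteuid() == 0 misses setuid-to-non-root, setgid,
 * and file capabilities (where all four ids are equal). */
static bool crossed_privilege_boundary(const struct cred_view *c) {
    return c->at_secure || c->ruid != c->euid || c->rgid != c->egid;
}

/* Must be called at startup, before the program changes its own ids. */
static struct cred_view current_creds(void) {
    struct cred_view c = { getuid(), geteuid(), getgid(), getegid(), false };
#ifdef __linux__
    /* AT_SECURE also covers file capabilities on Linux. */
    c.at_secure = getauxval(AT_SECURE) != 0;
#endif
    return c;
}

/* Assumed policy: return the environment value to honor, or NULL to ignore it. */
static const char *rts_opts_from_env(const struct cred_view *c, const char *env_value) {
    if (env_value == NULL || crossed_privilege_boundary(c))
        return NULL;
    return env_value;
}

int main(void) {
    struct cred_view c = current_creds();
    const char *opts = rts_opts_from_env(&c, getenv("GHCRTS"));
    printf("GHCRTS %s\n", opts ? "honored" : "ignored");
    return 0;
}
```

On systems without AT_SECURE the id comparison is the only signal, so capability-style privilege gains are not detected there.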