From f3c0c2571a40d667cbe57ac1442b1d5ebaead0e0 Mon Sep 17 00:00:00 2001 From: simonmar Date: Fri, 4 May 2001 16:36:38 +0000 Subject: [PATCH] [project @ 2001-05-04 16:36:38 by simonmar] comment explaining why we check the perms on . before reading ./.ghci. --- ghc/compiler/ghci/InteractiveUI.hs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ghc/compiler/ghci/InteractiveUI.hs b/ghc/compiler/ghci/InteractiveUI.hs index fd5a9db..8915bad 100644 --- a/ghc/compiler/ghci/InteractiveUI.hs +++ b/ghc/compiler/ghci/InteractiveUI.hs @@ -1,5 +1,5 @@ ----------------------------------------------------------------------------- --- $Id: InteractiveUI.hs,v 1.65 2001/05/04 14:56:53 simonmar Exp $ +-- $Id: InteractiveUI.hs,v 1.66 2001/05/04 16:36:38 simonmar Exp $ -- -- GHC Interactive User Interface -- @@ -188,8 +188,14 @@ runGHCi = do -- NOTE: We only read .ghci files if they are owned by the current user, --- and aren't world writable. Otherwise, we could be accidentally --- running code planted by a malicious third party. +-- and aren't world writable. Otherwise, we could be accidentally +-- running code planted by a malicious third party. + +-- Furthermore, We only read ./.ghci if both . and ./.ghci are +-- owned by the current user and aren't writable by anyone else. I +-- think this is sufficient: we don't need to check .. and +-- ../.. etc. because "." always refers to the same directory while a +-- process is running. checkPerms :: String -> IO Bool checkPerms name = -- 1.7.10.4