[Haskell-cafe] GHC 7.0.1 developer challenges

Anders Kaseorg andersk at MIT.EDU
Wed Dec 8 19:14:02 CET 2010


On Wed, 8 Dec 2010, Brandon S Allbery KF8NH wrote:
> Then build your CGIs restricted.  Restricting the runtime by default, 
> *especially* when setting runtime options at compile time is so much of 
> a pain, is just going to cause problems.  I'm already thinking that I 
> may have to skip ghc7.

One should not have to know that CGI scripts can take untrusted command 
line arguments (which is a very obscure detail of the CGI protocol used by 
less than 0.0013% of web pages [1]), _and_ that RTS options exist and 
GHC-compiled Haskell programs can accept them on the command line (which 
was a moderately obscure detail of GHC), _and_ that RTS options can be 
used to confuse privileged programs into overwriting arbitrary files 
(which is a moderately obscure detail of the RTS), in order to write a 
“Hello, world!” web application in Haskell without a devastating security 
vulnerability.

If you do know about RTS options from GHC 6, GHC 7 will tell you exactly 
how to make them work when you try to use them.  I don’t think that’s too 
much to ask.

$ ghc hello.hs; ./hello +RTS -?
Linking hello ...
hello: Most RTS options are disabled. Link with -rtsopts to enable them.
$ rm hello; ghc -rtsopts hello.hs; ./hello +RTS -?
Linking hello ...
hello: 
hello: Usage: <prog> <args> [+RTS <rtsopts> | -RTS <args>] ... --RTS <args>
hello: …

Also, now that we can set runtime options at compile time (-with-rtsopts), 
using RTS options has never been easier.

Anders

[1] https://bugs.webkit.org/show_bug.cgi?id=7139



More information about the Haskell-Cafe mailing list