Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • GHC GHC
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 5,399
    • Issues 5,399
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 592
    • Merge requests 592
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Releases
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Glasgow Haskell CompilerGlasgow Haskell Compiler
  • GHCGHC
  • Issues
  • #10826
Closed
Open
Issue created Sep 02, 2015 by spinda@trac-spinda

[Security] Safe Haskell can be bypassed via annotations

module Test (hook) where

import System.IO.Unsafe

{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
hook = undefined
➜  Test ghc -fpackage-trust -XSafe Test_simple.hs 
[1 of 1] Compiling Test_simple      ( Test_simple.hs, Test_simple.o ) [flags changed]
Woops.

Test_simple.hs:4:1:
    System.IO.Unsafe: Can't be safely imported!
    The module itself isn't safe.

GHC ultimately rejects the program due to the System.IO.Unsafe import, but this check doesn't occur until GHC has compiled and run the annotation expression, allowing arbitrary IO operations via unsafePerformIO.

The solution is probably to move the import check from the end of renaming/typechecking to the start.

Edited Mar 10, 2019 by spinda
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking