+RTS options introduce a security problem for, e.g., setuid binaries
The fact that every ghc-compiled program accepts +RTS options could be a security problem in several contexts. For example, if you compile a “Hello, world!” program and make it setuid root, any user can now overwrite any file on the system using root privileges: hello +RTS -t/etc/passwd.
The GHCRTS environment variable has the same problem.
One should not need to have to know about these obscure features to write a secure program that accepts untrusted arguments.
Trac metadata
| Trac field | Value |
|---|---|
| Version | 6.12.1 |
| Type | Bug |
| TypeOfFailure | OtherFailure |
| Priority | normal |
| Resolution | Unresolved |
| Component | Runtime System |
| Test case | |
| Differential revisions | |
| BlockedBy | |
| Related | |
| Blocking | |
| CC | |
| Operating system | |
| Architecture |