Eventlog framework outputs environment variables which may cause a security issue

The eventlog framework currently writes all environment variables to the eventlog file. This may cause a security issue as some external tools expect user to set credentials in environment variables. It's possible for the user to publish an eventlog which contains credentials without knowing it.

In general it's not a good idea to set credentials in environment variables but I think GHC should stop writing environment variables to the eventlog implicitly and this feature should be opt-in.

I'm not sure if this feature is widely used or if we can just drop it. If it's used to some extent maybe we can provide a function that does this job in a library.

changed weight to 5

added RTS Tfeature request Trac import labels

changed the description

I am quite sympathetic to this concern; it seems like this could very easily turn into a security issue.

Fixed this in https://github.com/ghc/ghc/pull/169.

Uploaded the patch to https://phabricator.haskell.org/D5187.

Trac metadata

Trac field	Value
Differential revisions	→ D5187

mentioned in commit 68a747c7

added 1 deleted label

closed

changed milestone to %8.8.1

I'm going to punt this to 8.8 since doing otherwise would imply a functional change in a minor release.

Trac metadata

Trac field	Value
Resolution	Unresolved → ResolvedFixed

removed 1 deleted label

added Pnormal label