If .ghci is a symlink, permissions aren't read correctly
| Reported by: | berdario | Owned by: | |
| Type of failure: | Other | Difficulty: | Easy (less than 1 hour) |
| Test Case: | | Blocked By: | |
dario@macbook ~> ls -l .ghci
lrwxrwxrwx 1 dario dario 40 Jul 14 15:27 .ghci -> /home/dario/.dotfiles/dotfiles/ghci.conf
dario@macbook ~> ls -l (readlink -f .ghci)
-rw-r--r-- 1 dario dario 10 Jul 14 15:25 /home/dario/.dotfiles/dotfiles/ghci.conf
dario@macbook ~> ghci
GHCi, version 7.6.2: http://www.haskell.org/ghc/ :? for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
* WARNING: /home/dario/.dotfiles/dotfiles is writable by someone else, IGNORING!
Obviously, /home/dario/.dotfiles/dotfiles isn't writable by someone else...
Someone else could actually delete the symlink and maybe recreate it... but they couldn't inject malicious commands in the .ghci, unless the file pointed to by the symlink was also writable by the attacker, in which case, checking the permissions of the target of the symlink would still prevent any wrongdoing.
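An added example, not part of the ticket and not GHC's own code: a Python sketch of a startup-file check that resolves the symlink and then tests both the target file and its containing directory, which is the component the warning above names. The function names, the temporary layout and the `ghci.conf` contents are constructed for illustration.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def lstat_says_writable(path):
    """Naive check: lstat() describes the link itself, not the file it names."""
    return bool(os.lstat(path).st_mode & WRITABLE_BY_OTHERS)


def unsafe_components(path):
    """Return the paths that make a startup file unsafe to load.

    The link is resolved first, then the target's directory and the target
    file are checked: each must be owned by the current user and must not
    be group- or world-writable.
    """
    target = os.path.realpath(path)
    problems = []
    for candidate in (os.path.dirname(target), target):
        st = os.stat(candidate)  # stat() follows symlinks
        if st.st_uid != os.getuid() or st.st_mode & WRITABLE_BY_OTHERS:
            problems.append(candidate)
    return problems


def demo():
    """Constructed layout like the ticket's: ~/.ghci linking to a 0644 file."""
    with tempfile.TemporaryDirectory() as home:
        home = os.path.realpath(home)
        conf_dir = os.path.join(home, "dotfiles")
        os.mkdir(conf_dir)
        os.chmod(conf_dir, 0o755)
        conf = os.path.join(conf_dir, "ghci.conf")
        with open(conf, "w") as fh:
            fh.write(":set +t\n")  # constructed sample contents
        os.chmod(conf, 0o644)
        link = os.path.join(home, ".ghci")
        os.symlink(conf, link)

        strict = unsafe_components(link)   # 0755 directory, 0644 file
        os.chmod(conf_dir, 0o775)          # directory becomes group-writable
        loose = unsafe_components(link)    # file mode is unchanged
        return lstat_says_writable(link), strict, loose == [conf_dir]


if __name__ == "__main__":
    print(demo())
```

With the directory at 0775 the check reports the directory even though the file itself is still 0644, so `ls -l` on the file alone does not show everything such a check looks at.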
Change History (9)
comment:2 Changed 6 months ago by leroux
- Resolution set to invalid
- Status changed from new to closed