Explicit filesystem permissions required

src/Main.hs

@@ -33,13 +33,16 @@ import System.Environment (lookupEnv)
 data TricuArgs
   = Repl
   | Eval
-      { evalFiles      :: [FilePath]
-      , evalFormat     :: EvaluatedForm
-      , evalOutput     :: FilePath
-      , evalDb         :: Maybe FilePath
-      , evalIo         :: Bool
-      , evalAllowRead  :: [FilePath]
-      , evalAllowWrite :: [FilePath]
+      { evalFiles         :: [FilePath]
+      , evalFormat        :: EvaluatedForm
+      , evalOutput        :: FilePath
+      , evalDb            :: Maybe FilePath
+      , evalIo            :: Bool
+      , evalAllowRead     :: [FilePath]
+      , evalAllowWrite    :: [FilePath]
+      , evalAllowReadAll  :: Bool
+      , evalAllowWriteAll :: Bool
+      , evalUnsafeIo      :: Bool
       }
   | ArboricxCompile
       { compileInput   :: FilePath
@@ -116,6 +119,18 @@ evalParser = Eval
      <> metavar "PATH"
      <> help "Allow writing to PATH prefix (repeatable)"
       ))
+  <*> switch
+      ( long "allow-read-all"
+     <> help "Allow reading from any path"
+      )
+  <*> switch
+      ( long "allow-write-all"
+     <> help "Allow writing to any path"
+      )
+  <*> switch
+      ( long "unsafe-io"
+     <> help "Allow unrestricted read and write access"
+      )
 
 compileParser :: Parser TricuArgs
 compileParser = ArboricxCompile
@@ -294,7 +309,12 @@ runEval opts = do
   finalT <- if evalIo opts
     then case checkIOSentinel resultT of
       Right (1, action) -> do
-        let perms = IOPermissions (evalAllowRead opts) (evalAllowWrite opts)
+        let perms = IOPermissions
+              { allowRead = evalAllowRead opts
+              , allowWrite = evalAllowWrite opts
+              , allowReadAll = evalUnsafeIo opts || evalAllowReadAll opts
+              , allowWriteAll = evalUnsafeIo opts || evalAllowWriteAll opts
+              }
         runIO perms action
       Right (v, _) -> die $ "Unsupported IO ABI version: " ++ show v
       Left err -> die $ "IO mode requested but " ++ err