users-guide: document :set local-config

Document the ':set local-config' command and add a warning about
sourcing untrusted local .ghci scripts.

Related: https://gitlab.haskell.org/ghc/ghc/issues/6017
Related: https://gitlab.haskell.org/ghc/ghc/issues/14250

1 files changed, 17 insertions, 0 deletions

diff --git a/docs/users_guide/ghci.rst b/docs/users_guide/ghci.rst
index 28d3a4f5ee..e0523161ea 100644
--- a/docs/users_guide/ghci.rst
+++ b/docs/users_guide/ghci.rst
@@ -2649,6 +2649,17 @@ commonly used commands.
 
     Sets the command used by :ghci-cmd:`:edit` to ⟨cmd⟩.
 
+.. ghci-cmd:: :set local-config; ⟨source|ignore⟩
+
+    If ``ignore``, :file:`./.ghci` files will be ignored (sourcing
+    untrusted local scripts is a security risk).   The default is
+    ``source``.  Set this directive in your user :file:`.ghci`
+    script, i.e. before the local script would be sourced.
+
+    Even when set to ``ignore``, a local script will still be
+    processed if given by :ghc-flag:`-ghci-script` on the command
+    line, or sourced via :ghci-cmd:`:script`.
+
 .. ghci-cmd:: :set prog; ⟨prog⟩
 
     .. index::
@@ -3133,6 +3144,12 @@ three subdirectories A, B and C, you might put the following lines in
 fact it works to set it using :ghci-cmd:`:set` like this. The changes won't take
 effect until the next :ghci-cmd:`:load`, though.)
 
+.. warning::
+    Sourcing untrusted :file:`./.ghci` files is a security risk.
+    They can contain arbitrary commands that will be executed as the
+    user.  Use :ghci-cmd:`:set local-config` to inhibit the
+    processing of :file:`./.ghci` files.
+
 Once you have a library of GHCi macros, you may want to source them from
 separate files, or you may want to source your ``.ghci`` file into your
 running GHCi session while debugging it